Lucene search
K

201 matches found

CNNVD
CNNVD
added 2025/06/28 12:0 a.m.4 views

Netgate pfSense CE 安全漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...

6.5CVSS6.6AI score0.01766EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/28 12:0 a.m.3 views

PT-2025-27330 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE version 2.8.0 Description: The issue arises from the "WebCfg - Diagnostics: Command" privilege, which improperly allows users to read arbitrary files on the system through a directory traversal attack targeting the diag...

5CVSS7.5AI score0.01766EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2025/06/28 12:0 a.m.3 views

CVE-2025-53392

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...

5CVSS7.4AI score0.01766EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.9 views

CVE-2023-42325

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the statuslogsfilterdynamic.php page...

5.4CVSS6.2AI score0.57918EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.10 views

CVE-2023-42327

Cross Site Scripting XSS vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page...

5.4CVSS6.2AI score0.55356EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.11 views

CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfacesgifedit.php and interfacesgreedit.php components...

8.8CVSS7.8AI score0.64021EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.9 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8CVSS7.9AI score0.90655EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 p.m.8 views

CVE-2020-19201

A Stored Cross-Site Scripting XSS vulnerability was found in statusfilterreload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr description...

5.4CVSS4.9AI score0.03451EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:19 p.m.8 views

CVE-2020-21487

Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acmecertificates.php...

9.6CVSS7.3AI score0.00666EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.9 views

CVE-2020-21219

Cross Site Scripting XSS vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acmecertificateedit.php page of the ACME package...

6.1CVSS6.3AI score0.00598EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/16 12:57 a.m.14 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

8.8CVSS7.5AI score0.11991EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:57 a.m.12 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4CVSS6.1AI score0.03737EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 12:57 a.m.15 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.4CVSS6.5AI score0.01181EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 2:15 p.m.8 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

8.8CVSS0.11991EPSS
Exploits1References2
NVD
NVD
added 2025/05/14 2:15 p.m.12 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

5.4CVSS0.01181EPSS
Exploits1References3
NVD
NVD
added 2025/05/14 2:15 p.m.14 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4CVSS0.03737EPSS
Exploits1References3
OSV
OSV
added 2025/05/14 2:15 p.m.3 views

CVE-2024-54779

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross Site Scripting XSS in widgets/log.widget.php...

5.4CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/14 12:0 a.m.7 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

9AI score0.11991EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.57 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

0.11991EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.12 views

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

0.01181EPSS
Exploits1References3
Rows per page
Query Builder