19 matches found
Exploit for CVE-2025-69690
🔐 CVE-2025-69690 & CVE-2025-69691 Authenticated Remote Co...
📄 Netgate pfSense Community Edition 2.7.2 / 2.8.0 Remote Code Execution
Netgate pfSense Community Edition versions 2.7.2 and 2.8.0 appear to suffer from multiple authenticated remote code execution vulnerabilities that the vendor has written off as abusive administrator behavior but a non-issue. 🔐 CVE-2025-69690 & CVE-2025-69691 Authenticated Remote Code Execution in...
EUVD-2024-55005
Malicious code in bioql PyPI...
CVE-2025-34176
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...
CVE-2025-34178
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...
PT-2025-36943
Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /suricata/suricata_ip_reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg -...
PT-2025-36940
Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /usr/local/www/snort/snort_ip_reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg...
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier allows a remote attacker to inject an arbitrary script via a malicious URL...
Netgate pfSense CE Security Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0, which stems from an arbitrary code execution vulnerability in the file packetcapture.php...
CVE-2023-29974
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements...
PT-2023-22499 · Unknown · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Pfsense CE version 2.6.0 Description: An issue in Pfsense CE allows attackers to compromise user accounts due to weak password requirements. Recommendations: For Pfsense CE version 2.6.0, consider strengthening password requirements to preven...
pfSense Security Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in Netgate pfSense Plus version v22.05.1 and pfSense CE version v2.6.0, which stems from an improper restriction on excessive authentication attempts, and can be exploited by an attacker to bypass the...
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command...
Netgate pfSense CE Path Traversal Vulnerability
Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A security vulnerability exists in Netgate pfSense CE, where an attacker with the right to change the NTP GPS settings could rewrite existing files on the file system, resulting in arbitrary command execution...
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS...
Netgate pfSense CE Cross-Site Scripting Vulnerability
Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. Netgate pfSense CE suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripting via pfSense in order to run JavaScript code in the context of a websit...
Netgate pfSense CE Command Injection Vulnerability (CNVD-2018-26995)
Netgate pfSense CE is the United States Netgate company's set of free open source FreeBSD-based firewall and router software. A command injection vulnerability exists in the 'powerdacmode' POST parameter in Netgate pfSense CE version 2.4.4-RELEASE, which can be exploited by an attacker to execute...
PfSense Community Edition 2.2.6 CSRF / XSS / Command Injection
PfSense Community Edition Multiple Vulnerabilities Affected versions: PfSense Community Edition = 2.2.6 PDF:...