Exploit for CVE-2025-69690

🔐 CVE-2025-69690 & CVE-2025-69691 Authenticated Remote Co...

📄 Netgate pfSense Community Edition 2.7.2 / 2.8.0 Remote Code Execution

Netgate pfSense Community Edition versions 2.7.2 and 2.8.0 appear to suffer from multiple authenticated remote code execution vulnerabilities that the vendor has written off as abusive administrator behavior but a non-issue. 🔐 CVE-2025-69690 & CVE-2025-69691 Authenticated Remote Code Execution in...

EUVD-2024-55005

Malicious code in bioql PyPI...

CVE-2025-34176

In pfSense CE /suricata/suricataipreputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the fi...

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

PT-2025-36940

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The iplist parameter in /usr/local/www/snort/snort ip reputation.php is not properly sanitized to prevent directory traversal attempts. This allows an authenticated attacker with “WebCfg...

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier allows a remote attacker to inject an arbitrary script via a malicious URL...

Netgate pfSense CE Security Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0, which stems from an arbitrary code execution vulnerability in the file packetcapture.php...

CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command...

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

Netgate pfSense CE 路径遍历漏洞

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. A security vulnerability exists in Netgate pfSense CE, where an attacker with the right to change the NTP GPS settings could rewrite existing files on the file system, resulting in arbitrary command execution...