7 matches found
EUVD-2025-27468
Malicious code in bioql PyPI...
CVE-2025-34174
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34174 Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting
In pfSense CE /usr/local/www/statustraffictotals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all use...
CVE-2025-34174
The CVE affects pfSense CE in the Status Traffic Totals feature: /usr/local/www/status_traffic_totals.php processes the start-day parameter. The parameter is not validated as numeric nor sanitized for HTML, allowing the value to be saved as the default display for all users, which triggers stored...
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE that stems from the start-day parameter not validating as a...
PT-2025-36941
Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The start-day parameter in /usr/local/www/status traffic totals.php does not undergo proper validation to ensure it is a numeric value or sanitized of HTML-related characters before bein...