ipfire

Top products

The 15 most recently published vulnerabilities affecting ipfire.

• CVE-2019-25400IPFire 2.21 Core Update 127 Multiple XSS via fwhosts.cgi5.4Feb 18, 2026
• CVE-2019-25399IPFire 2.21 Core Update 127 Stored XSS via extrahd.cgi6.4Feb 18, 2026
• CVE-2019-25398IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi6.1Feb 18, 2026
• CVE-2019-25397IPFire 2.21 Core Update 127 Cross-Site Scripting via hosts.cgi6.1Feb 18, 2026
• CVE-2019-25396IPFire 2.21 Core Update 127 Reflected XSS via updatexlrator.cgi6.1Feb 18, 2026
• CVE-2025-34311IPFire < v2.29 Command Injection via Proxy Report Creation8.8Oct 28, 2025
• CVE-2025-34312IPFire < v2.29 Command Injection via URL Filter Blacklist8.8Oct 28, 2025
• CVE-2025-34304IPFire < v2.29 SQL Injection via OpenVPN Connection Logs6.5Oct 28, 2025
• CVE-2025-34307IPFire < v2.29 Stored XSS via Default Country Search5.4Oct 28, 2025
• CVE-2025-34306IPFire < v2.29 Stored XSS via Default IP Search Value5.4Oct 28, 2025
• CVE-2025-34308IPFire < v2.29 Stored XSS via Default Time Sync5.4Oct 28, 2025
• CVE-2025-34317IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi)5.4Oct 28, 2025
• CVE-2025-34309IPFire < v2.29 Stored XSS via Dynamic DNS Host5.4Oct 28, 2025
• CVE-2025-34301IPFire < v2.29 Stored XSS via Location Group Creation5.4Oct 28, 2025
• CVE-2025-34316IPFire < v2.29 Stored XSS via Mail Server Settings5.4Oct 28, 2025