Pfsense
This hub aggregates every CVE we track for Pfsense, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 80
- Critical: 7
- High: 23
- In CISA KEV: 0
Severity distribution
- MEDIUM: 50
- HIGH: 23
- CRITICAL: 7
Monthly trend
2024-07 to 2026-06: 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 3, 1, 0, 0, 7, 0, 1, 0, 0, 0, 0, 0, 2, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Pfsense.
- CVE-2025-69690: Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier dispute... (score 9.1)
- CVE-2025-69691: Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally a... (score 9.9)
- CVE-2025-12490: Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability (score 8.8)
- CVE-2025-34178: Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting (score 5.4)
- CVE-2025-34177: Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting (score 5.4)
- CVE-2025-34176: Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure (score 4.3)
- CVE-2025-34175: Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting (score 6.1)
- CVE-2025-34174: Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting (score 5.4)
- CVE-2025-34173: Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure (score 4.3)
- CVE-2025-34172: Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting (score 6.1)
- CVE-2025-53392: In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that t... (score 5.0)
- CVE-2024-54780: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the O... (score 8.8)
- CVE-2024-54779: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php. (score 5.4)
- CVE-2024-57273: Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attac... (score 5.4)
- CVE-2024-46538: A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups... (score 4.8)
Product normalization is registry-driven with AI assist and human review.