CVE Tools

pfsense

Security Productsoss-project

18

Cumulative CVEs

4

Monthly snapshots

#37

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting pfsense.

CVE-2025-69691Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally a...9.9May 8, 2026
CVE-2025-69690Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier dispute...9.1May 8, 2026
CVE-2025-34178Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting5.4Sep 9, 2025
CVE-2025-34177Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting5.4Sep 9, 2025
CVE-2025-34176Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure4.3Sep 9, 2025
CVE-2025-34175Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting6.1Sep 9, 2025
CVE-2025-34174Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting5.4Sep 9, 2025
CVE-2025-34173Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure4.3Sep 9, 2025
CVE-2025-34172Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting6.1Sep 9, 2025
CVE-2025-53392In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that t...5.0Jun 28, 2025
CVE-2023-29975An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.7.2Nov 9, 2023
CVE-2023-29974An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.9.8Nov 8, 2023
CVE-2023-29973Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.4.9Oct 24, 2023
CVE-2020-19678Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suric...7.5Apr 6, 2023
CVE-2023-27100Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force p...9.8Mar 22, 2023