VYPR

Core

by Opnsense

Source repositories

CVEs (4)

  • CVE-2026-2035MedFeb 20, 2026
    risk 0.37cvss 6.8epss 0.02

    Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. …

  • CVE-2025-13698MedDec 23, 2025
    risk 0.22cvss 4.5epss 0.00

    Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this…

  • CVE-2017-1000479HigJan 3, 2018
    risk 0.06cvss 8.8epss 0.33

    pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork…

  • CVE-2026-30868Mar 11, 2026
    risk 0.00cvss epss 0.00

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies…