VYPR
Vendor: Netgate

Products: 6
CVEs: 54
Across products: 55
Status: Private

Recent CVEs

  • CVE-2025-69691 | Critical | May 8, 2026
    risk 0.64 | cvss 9.9 | epss 0.01

    Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.

  • CVE-2025-69690 | Critical | May 8, 2026
    risk 0.59 | cvss 9.1 | epss 0.01

    Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are…

  • CVE-2025-12490 | High | Nov 6, 2025
    risk 0.52 | cvss 8.8 | epss 0.19

    Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. The specific flaw exists…

  • CVE-2016-20058 | High | Apr 4, 2026
    risk 0.51 | cvss 7.8 | epss 0.01

    Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger…

  • CVE-2016-20057 | High | Apr 4, 2026
    risk 0.51 | cvss 7.8 | epss 0.01

    NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and…

  • CVE-2019-25271 | High | Feb 5, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific…

  • CVE-2023-48795 | Medium | Dec 18, 2023
    risk 0.39 | cvss 5.9 | epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2015-2295 | Apr 10, 2015
    risk 0.08 | cvss n/a | epss 0.66

    Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

  • CVE-2023-42326 | Nov 14, 2023
    risk 0.07 | cvss n/a | epss 0.64

    An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

  • CVE-2018-4019 | Dec 3, 2018
    risk 0.07 | cvss n/a | epss 0.49

    An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to…

  • CVE-2018-4020 | Dec 3, 2018
    risk 0.07 | cvss n/a | epss 0.49

    An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to…

  • CVE-2018-4021 | Dec 3, 2018
    risk 0.07 | cvss n/a | epss 0.72

    An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to…

  • CVE-2023-48123 | Dec 6, 2023
    risk 0.05 | cvss n/a | epss 0.68

    An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

  • CVE-2023-42327 | Nov 14, 2023
    risk 0.04 | cvss n/a | epss 0.55

    Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.

  • CVE-2023-42325 | Nov 14, 2023
    risk 0.04 | cvss n/a | epss 0.58

    Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the status_logs_filter_dynamic.php page.

  • CVE-2020-11457 | Apr 1, 2020
    risk 0.04 | cvss n/a | epss 0.09

    pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

  • CVE-2014-4688 | Jul 2, 2014
    risk 0.04 | cvss n/a | epss 0.07

    pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.

  • CVE-2023-27100 | Mar 22, 2023
    risk 0.03 | cvss n/a | epss 0.10

    Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

  • CVE-2023-27253 | Mar 17, 2023
    risk 0.02 | cvss n/a | epss 0.91

    A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

  • CVE-2015-4029 | Aug 18, 2015
    risk 0.02 | cvss n/a | epss 0.20

    Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.