VYPR

Vendor CVEs

Opnsense

All CVEs

38 total · sorted by risk
  • CVE-2026-45158CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.01

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system.…

  • CVE-2026-44194CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.06

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input…

  • CVE-2026-44193CriMay 13, 2026
    risk 0.52cvss 9.1epss 0.01

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.

  • CVE-2026-34578HigApr 9, 2026
    risk 0.46cvss 8.2epss 0.00

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters…

  • CVE-2026-2035MedFeb 20, 2026
    risk 0.37cvss 6.8epss 0.02

    Deciso OPNsense diag_backup.php filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deciso OPNsense. Authentication is required to exploit this vulnerability. …

  • CVE-2025-34182MedOct 1, 2025
    risk 0.33cvss epss 0.00

    In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page/interfaces_assign.php, which can result…

  • CVE-2026-44195MedMay 13, 2026
    risk 0.27cvss 5.3epss 0.00

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username…

  • CVE-2025-13698MedDec 23, 2025
    risk 0.22cvss 4.5epss 0.00

    Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Deciso OPNsense. Authentication is required to exploit this…

  • CVE-2017-1000479HigJan 3, 2018
    risk 0.06cvss 8.8epss 0.33

    pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork…

  • CVE-2020-23015May 3, 2021
    risk 0.01cvss epss 0.03

    An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.

  • CVE-2026-30868Mar 11, 2026
    risk 0.00cvss epss 0.00

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without CSRF protection. The framework CSRF validation in ApiControllerBase only applies…

  • CVE-2019-25377Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute…

  • CVE-2019-25376Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code…

  • CVE-2019-25375Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in…

  • CVE-2019-25374Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the…

  • CVE-2019-25373Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the…

  • CVE-2019-25372Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to…

  • CVE-2019-25371Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint…

  • CVE-2019-25370Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr,…

  • CVE-2019-25369Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and…

  • CVE-2019-25368Feb 15, 2026
    risk 0.00cvss epss 0.00

    OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url,…

  • CVE-2025-50989Aug 27, 2025
    risk 0.00cvss epss 0.08

    OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an…

  • CVE-2023-27152Oct 23, 2023
    risk 0.00cvss epss 0.01

    DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.

  • CVE-2023-44276Sep 28, 2023
    risk 0.00cvss epss 0.01

    OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.

  • CVE-2023-44275Sep 28, 2023
    risk 0.00cvss epss 0.01

    OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.

  • CVE-2023-39000Aug 9, 2023
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.

  • CVE-2023-39008Aug 9, 2023
    risk 0.00cvss epss 0.03

    A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.

  • CVE-2023-38999Aug 9, 2023
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-39005Aug 9, 2023
    risk 0.00cvss epss 0.01

    Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.

  • CVE-2023-38998Aug 9, 2023
    risk 0.00cvss epss 0.01

    An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

  • CVE-2023-39002Aug 9, 2023
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-39006Aug 9, 2023
    risk 0.00cvss epss 0.00

    The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.

  • CVE-2023-39001Aug 9, 2023
    risk 0.00cvss epss 0.03

    A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.

  • CVE-2023-39007Aug 9, 2023
    risk 0.00cvss epss 0.02

    /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.

  • CVE-2023-38997Aug 9, 2023
    risk 0.00cvss epss 0.01

    A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

  • CVE-2021-42770Nov 8, 2021
    risk 0.00cvss epss 0.01

    A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.

  • CVE-2018-18958Jun 17, 2019
    risk 0.00cvss epss 0.01

    OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.

  • CVE-2019-11816May 20, 2019
    risk 0.00cvss epss 0.03

    Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.