Known Vulnerabilities for PfSense CE by Netgate
Listed below are 1 of the newest known vulnerabilities associated with "PfSense CE" by "Netgate".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-69691 json | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this becau... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2025-69690 json | Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object ... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2025-34178 json | In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related st... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2025-34177 json | In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related st... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2025-34176 json | In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversa... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2025-34175 json | In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed with... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2025-34173 json | In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory ... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2025-34172 json | In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after ... | Not Provided | 2025-09-09 | 2026-07-14 |
| CVE-2024-57273 json | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in... | Not Provided | 2025-05-14 | 2026-07-05 |
| CVE-2023-48795 json | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote att... | Not Provided | 2023-12-18 | 2026-05-12 |