Netgate Pfsense Ce
7 CVEs affecting Netgate Pfsense Ce. Latest disclosed: 2025-09-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-34175 | Medium | 6.1 | 2025-09-09 | In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related cha… |
CVE-2025-34172 | Medium | 6.1 | 2025-09-09 | In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests… |
CVE-2025-34178 | Medium | 5.4 | 2025-09-09 | In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being direc… |
CVE-2025-34177 | Medium | 5.4 | 2025-09-09 | In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being direc… |
CVE-2025-34174 | Medium | 5.4 | 2025-09-09 | In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related… |
CVE-2025-34176 | Medium | 4.3 | 2025-09-09 | In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This… |
CVE-2025-34173 | Medium | 4.3 | 2025-09-09 | In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/string… |