Netgate Pfsense Ce

7 CVEs affecting Netgate Pfsense Ce. Latest disclosed: 2025-09-09. Critical: 0, High: 0.

Top CVEs affecting Netgate Pfsense Ce
CVESeverityScorePublishedSummary
CVE-2025-34175Medium6.12025-09-09In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related cha…
CVE-2025-34172Medium6.12025-09-09In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests…
CVE-2025-34178Medium5.42025-09-09In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being direc…
CVE-2025-34177Medium5.42025-09-09In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being direc…
CVE-2025-34174Medium5.42025-09-09In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related…
CVE-2025-34176Medium4.32025-09-09In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This…
CVE-2025-34173Medium4.32025-09-09In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/string…