GCVE - cpe:2.3:a:pfsense:pfsense_ce_and_pfsense

Approved changes feed: RSS · Atom

cpe:2.3:a:pfsense:pfsense_ce_and_pfsense_plus:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pfsense (`16119953-645e-5c83-888a-eeb9b3a567ca`)
Product	Pfsense Ce And Pfsense Plus (`ea4af7d7-3629-5ee3-b11a-110c7551758c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-26019`	vulnerable	2026-06-08 05:41:50.007205	Details available Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. Published: 2022-03-31T07:21:31.000Z Updated: 2024-08-03T04:56:37.518Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN87751554/index.html https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24299`	vulnerable	2026-06-08 05:41:00.065761	Details available Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. Published: 2022-03-31T07:21:07.000Z Updated: 2024-08-03T04:07:02.366Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN87751554/index.html https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20729`	vulnerable	2026-06-08 05:29:10.430079	Details available Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. Published: 2022-03-31T07:20:29.000Z Updated: 2024-08-03T17:53:21.921Z Open on db.gcve.eu Reference links https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc https://jvn.jp/en/jp/JVN87751554/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Pfsense Ce And Pfsense Plus

PURL mappings

Vulnerability references

Contribute