Vulnerabilidades en opnsense
17 resultadosCVE-2025-50989CRITICALOPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edEPSS 8.0%CVE-2026-44194CRITICALOPNsense: RCE on user managmentEPSS 6.4%CVE-2026-44193CRITICALOPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` methodEPSS 0.7%CVE-2026-45158CRITICALOPNsense: Command Injection via Attacker-Controlled DHCP ConfigEPSS 0.5%CVE-2026-34578HIGHOPNsense has an LDAP Injection via Unsanitized Username in AuthenticationEPSS 0.4%CVE-2019-25376MEDIUMOPNsense 19.1 Reflected XSS via proxy endpointEPSS 0.4%CVE-2019-25375MEDIUMOPNsense 19.1 Reflected XSS via monit interfaceEPSS 0.4%CVE-2019-25374MEDIUMOPNsense 19.1 Reflected XSS via vpn_ipsec_settings.phpEPSS 0.3%CVE-2026-44195MEDIUMOPNsense: Authentication lockout bypassEPSS 0.3%CVE-2019-25377MEDIUMOPNsense 19.1 Reflected XSS via system_advanced_sysctl.phpEPSS 0.2%CVE-2019-25371MEDIUMOPNsense 19.1 Reflected XSS via diag_ping.phpEPSS 0.2%CVE-2019-25372MEDIUMOPNsense 19.1 Reflected XSS via diag_traceroute.phpEPSS 0.2%CVE-2019-25370MEDIUMOPNsense 19.1 Reflected XSS via interfaces_vlan_edit.phpEPSS 0.2%CVE-2019-25373MEDIUMOPNsense 19.1 Stored XSS via firewall_rules_edit.phpEPSS 0.2%CVE-2019-25369MEDIUMOPNsense 19.1 Stored XSS via system_advanced_sysctl.phpEPSS 0.2%CVE-2026-30868MEDIUMCross-Site Request Forgery (CSRF) in opnsense/coreEPSS 0.1%CVE-2019-25368MEDIUMOPNsense 19.1 Reflected XSS via diag_backup.phpEPSS 0.1%