
Fabien Maisonnette

#16948 of 53,632
Total CVSS: 15.9
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2023-20955 · CVSS 9.8 · 2023-03-22
Netgate · pfSense CE · CVE-2023-27100

**Name of the Vulnerable Software and Affected Versions**

pfSense Plus software version 22.05.1
pfSense CE software version 2.6.0

**Description**

The issue is related to improper restriction of excessive authentication attempts in the SSHGuard component, allowing attackers to bypass brute force protection mechanisms via crafted web requests.

**Recommendations**

For pfSense Plus software version 22.05.1, update to a version that includes a fix for this issue. For pfSense CE software version 2.6.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the SSHGuard component to minimize the risk of exploitation.

PT-2022-16394 · CVSS 6.1 · 2022-01-26
Unknown · pfSense Plus · CVE-2022-23993

**Name of the Vulnerable Software and Affected Versions**

pfSense CE versions prior to 2.6.0
pfSense Plus versions prior to 22.01

**Description**

The issue is related to the use of `$_REQUEST['pkg_filter']` in a PHP echo call within the `/usr/local/www/pkg.php` file, leading to a potential XSS issue.

**Recommendations**

For pfSense CE versions prior to 2.6.0, update to version 2.6.0 or later. For pfSense Plus versions prior to 22.01, update to version 22.01 or later.