Disk Pulse Enterprise
by Flexense
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34108 | Hig | 0.65 | — | 0.01 | Jul 15, 2025 | A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the… | ||
| CVE-2025-59901 | Hig | 0.55 | — | 0.00 | Jan 28, 2026 | Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an… | ||
| CVE-2017-15663 | Hig | 0.53 | 7.5 | 0.13 | Jan 10, 2018 | In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. | ||
| CVE-2017-15665 | Hig | 0.52 | 7.5 | 0.09 | Jan 10, 2018 | In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. | ||
| CVE-2018-10568 | Med | 0.40 | 6.1 | 0.01 | May 2, 2018 | XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | ||
| CVE-2018-10565 | Med | 0.40 | 6.1 | 0.01 | May 2, 2018 | XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | ||
| CVE-2018-10564 | Med | 0.40 | 6.1 | 0.01 | May 2, 2018 | XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | ||
| CVE-2018-10294 | Med | 0.40 | 6.1 | 0.01 | May 2, 2018 | Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | ||
| CVE-2025-59900 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… | |||
| CVE-2025-59899 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… | |||
| CVE-2025-59898 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… | |||
| CVE-2025-59897 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… | |||
| CVE-2025-59896 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… | |||
| CVE-2025-59895 | 0.00 | — | 0.00 | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could… | |||
| CVE-2025-59894 | 0.00 | — | 0.00 | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… | |||
| CVE-2025-59893 | 0.00 | — | 0.00 | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… | |||
| CVE-2025-59892 | 0.00 | — | 0.00 | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… | |||
| CVE-2025-59891 | 0.00 | — | 0.00 | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… | |||
| CVE-2023-49575 | 0.00 | — | 0.00 | May 24, 2024 | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server,… |
- risk 0.65cvss —epss 0.01
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the…
- risk 0.55cvss —epss 0.00
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an…
- risk 0.53cvss 7.5epss 0.13
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
- risk 0.52cvss 7.5epss 0.09
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
- risk 0.40cvss 6.1epss 0.01
XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.
- risk 0.40cvss 6.1epss 0.01
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.
- risk 0.40cvss 6.1epss 0.01
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.
- risk 0.40cvss 6.1epss 0.01
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
- CVE-2025-59900Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…
- CVE-2025-59899Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…
- CVE-2025-59898Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…
- CVE-2025-59897Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…
- CVE-2025-59896Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…
- CVE-2025-59895Jan 28, 2026risk 0.00cvss —epss 0.00
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could…
- CVE-2025-59894Jan 28, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…
- CVE-2025-59893Jan 28, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…
- CVE-2025-59892Jan 28, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…
- CVE-2025-59891Jan 28, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…
- CVE-2023-49575May 24, 2024risk 0.00cvss —epss 0.00
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server,…