VYPR

Disk Pulse Enterprise

by Flexense

CVEs (19)

  • CVE-2025-34108HigJul 15, 2025
    risk 0.65cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the…

  • CVE-2025-59901HigJan 28, 2026
    risk 0.55cvss epss 0.00

    Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an…

  • CVE-2017-15663HigJan 10, 2018
    risk 0.53cvss 7.5epss 0.13

    In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

  • CVE-2017-15665HigJan 10, 2018
    risk 0.52cvss 7.5epss 0.09

    In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.

  • CVE-2018-10568MedMay 2, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.

  • CVE-2018-10565MedMay 2, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.

  • CVE-2018-10564MedMay 2, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.

  • CVE-2018-10294MedMay 2, 2018
    risk 0.40cvss 6.1epss 0.01

    Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.

  • CVE-2025-59900Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59899Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59898Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59897Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59896Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59895Jan 28, 2026
    risk 0.00cvss epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could…

  • CVE-2025-59894Jan 28, 2026
    risk 0.00cvss epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59893Jan 28, 2026
    risk 0.00cvss epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59892Jan 28, 2026
    risk 0.00cvss epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59891Jan 28, 2026
    risk 0.00cvss epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2023-49575May 24, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server,…