VYPR

Vendor CVEs

Flexense

All CVEs

50 total · sorted by risk
  • CVE-2018-5262 · Critical · Jan 12, 2018
    risk 0.70 · cvss 9.8 · epss 0.39

    A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.

  • CVE-2017-14980 · Critical · Oct 10, 2017
    risk 0.68 · cvss 9.8 · epss 0.22

    Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.

  • CVE-2017-6416 · Critical · Mar 6, 2017
    risk 0.68 · cvss 9.8 · epss 0.11

    An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.

  • CVE-2017-15220 · Critical · Oct 11, 2017
    risk 0.67 · cvss 9.8 · epss 0.07

    Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.

  • CVE-2025-34108 · High · Jul 15, 2025
    risk 0.65 · cvss · epss 0.01

    A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the…

  • CVE-2018-6537 · Critical · Feb 2, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.

  • CVE-2017-17996 · High · Feb 6, 2018
    risk 0.58 · cvss 8.8 · epss 0.05

    A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the…

  • CVE-2017-7310 · High · Mar 29, 2017
    risk 0.58 · cvss 7.8 · epss 0.54

    A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML…

  • CVE-2023-53873 · High · Dec 15, 2025
    risk 0.57 · cvss · epss 0.00

    SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially…

  • CVE-2018-5359 · High · Jan 23, 2018
    risk 0.56 · cvss 8.1 · epss 0.09

    The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.

  • CVE-2025-59901 · High · Jan 28, 2026
    risk 0.55 · cvss · epss 0.00

    Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an…

  • CVE-2020-36879 · High · Dec 5, 2025
    risk 0.55 · cvss · epss 0.00

    Flexense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a…

  • CVE-2017-15950 · High · Oct 31, 2017
    risk 0.54 · cvss 7.8 · epss 0.06

    Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive…

  • CVE-2018-5261 · High · Feb 2, 2018
    risk 0.53 · cvss 8.1 · epss 0.00

    An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the…

  • CVE-2017-15663 · High · Jan 10, 2018
    risk 0.53 · cvss 7.5 · epss 0.13

    In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

  • CVE-2017-15665 · High · Jan 10, 2018
    risk 0.52 · cvss 7.5 · epss 0.09

    In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.

  • CVE-2017-15664 · High · Jan 10, 2018
    risk 0.52 · cvss 7.5 · epss 0.09

    In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.

  • CVE-2017-15662 · High · Jan 10, 2018
    risk 0.52 · cvss 7.5 · epss 0.09

    In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.

  • CVE-2017-15667 · High · Dec 28, 2017
    risk 0.52 · cvss 7.5 · epss 0.04

    In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.

  • CVE-2017-17088 · High · Dec 19, 2017
    risk 0.52 · cvss 7.5 · epss 0.07

    The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a…

  • CVE-2017-17099 · High · Dec 3, 2017
    risk 0.52 · cvss 7.8 · epss 0.12

    There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that…

  • CVE-2021-47974 · High · May 16, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search…

  • CVE-2018-10568 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7.

  • CVE-2018-10567 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.

  • CVE-2018-10566 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7.

  • CVE-2018-10565 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7.

  • CVE-2018-10564 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.

  • CVE-2018-10563 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).

  • CVE-2018-10294 · Medium · May 2, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.

  • CVE-2025-59900 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59899 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59898 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59897 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59896 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient…

  • CVE-2025-59895 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could…

  • CVE-2025-59894 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59893 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59892 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2025-59891 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible…

  • CVE-2020-36946 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.01

    SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.

  • CVE-2020-36882 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.01

    Flexense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

  • CVE-2020-36881 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Flexense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input…

  • CVE-2020-36880 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Flexense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.

  • CVE-2023-49575 · May 24, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server,…

  • CVE-2023-49574 · May 24, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be…

  • CVE-2023-49573 · May 24, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the…

  • CVE-2023-49572 · May 24, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This…

  • CVE-2022-22542 · Feb 9, 2022
    risk 0.00 · cvss · epss 0.01

    S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor…

  • CVE-2021-37940 · Dec 7, 2021
    risk 0.00 · cvss · epss 0.01

    An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might…

  • CVE-2020-7018 · Aug 18, 2020
    risk 0.00 · cvss · epss 0.01

    Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct…