Vendor CVEs
Flexense
All CVEs
50 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5262 | | Cri | 0.70 | 9.8 | 0.39 | | Jan 12, 2018 | A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account. |
| CVE-2017-14980 | | Cri | 0.68 | 9.8 | 0.22 | | Oct 10, 2017 | Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. |
| CVE-2017-6416 | | Cri | 0.68 | 9.8 | 0.11 | | Mar 6, 2017 | An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. |
| CVE-2017-15220 | | Cri | 0.67 | 9.8 | 0.07 | | Oct 11, 2017 | Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. |
| CVE-2025-34108 | | Hig | 0.65 | — | 0.01 | | Jul 15, 2025 | A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the… |
| CVE-2018-6537 | | Cri | 0.64 | 9.8 | 0.04 | | Feb 2, 2018 | A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121. |
| CVE-2017-17996 | | Hig | 0.58 | 8.8 | 0.05 | | Feb 6, 2018 | A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the… |
| CVE-2017-7310 | | Hig | 0.58 | 7.8 | 0.54 | | Mar 29, 2017 | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML… |
| CVE-2023-53873 | | Hig | 0.57 | — | 0.00 | | Dec 15, 2025 | SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially… |
| CVE-2018-5359 | | Hig | 0.56 | 8.1 | 0.09 | | Jan 23, 2018 | The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. |
| CVE-2025-59901 | | Hig | 0.55 | — | 0.00 | | Jan 28, 2026 | Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an… |
| CVE-2020-36879 | | Hig | 0.55 | — | 0.00 | | Dec 5, 2025 | Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a… |
| CVE-2017-15950 | | Hig | 0.54 | 7.8 | 0.06 | | Oct 31, 2017 | Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive… |
| CVE-2018-5261 | | Hig | 0.53 | 8.1 | 0.00 | | Feb 2, 2018 | An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the… |
| CVE-2017-15663 | | Hig | 0.53 | 7.5 | 0.13 | | Jan 10, 2018 | In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. |
| CVE-2017-15665 | | Hig | 0.52 | 7.5 | 0.09 | | Jan 10, 2018 | In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. |
| CVE-2017-15664 | | Hig | 0.52 | 7.5 | 0.09 | | Jan 10, 2018 | In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. |
| CVE-2017-15662 | | Hig | 0.52 | 7.5 | 0.09 | | Jan 10, 2018 | In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. |
| CVE-2017-15667 | | Hig | 0.52 | 7.5 | 0.04 | | Dec 28, 2017 | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. |
| CVE-2017-17088 | | Hig | 0.52 | 7.5 | 0.07 | | Dec 19, 2017 | The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a… |
| CVE-2017-17099 | | Hig | 0.52 | 7.8 | 0.12 | | Dec 3, 2017 | There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that… |
| CVE-2021-47974 | | Hig | 0.51 | 7.8 | 0.00 | | May 16, 2026 | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search… |
| CVE-2018-10568 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. |
| CVE-2018-10567 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. |
| CVE-2018-10566 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. |
| CVE-2018-10565 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. |
| CVE-2018-10564 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. |
| CVE-2018-10563 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). |
| CVE-2018-10294 | | Med | 0.40 | 6.1 | 0.01 | | May 2, 2018 | Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. |
| CVE-2025-59900 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59899 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59898 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59897 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59896 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient… |
| CVE-2025-59895 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could… |
| CVE-2025-59894 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-59893 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-59892 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2025-59891 | | | 0.00 | — | 0.00 | | Jan 28, 2026 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible… |
| CVE-2020-36946 | | | 0.00 | — | 0.01 | | Jan 27, 2026 | SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability. |
| CVE-2020-36882 | | | 0.00 | — | 0.01 | | Dec 5, 2025 | Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application. |
| CVE-2020-36881 | | | 0.00 | — | 0.00 | | Dec 5, 2025 | Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input… |
| CVE-2020-36880 | | | 0.00 | — | 0.00 | | Dec 5, 2025 | Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system. |
| CVE-2023-49575 | | | 0.00 | — | 0.00 | | May 24, 2024 | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server,… |
| CVE-2023-49574 | | | 0.00 | — | 0.00 | | May 24, 2024 | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be… |
| CVE-2023-49573 | | | 0.00 | — | 0.00 | | May 24, 2024 | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the… |
| CVE-2023-49572 | | | 0.00 | — | 0.00 | | May 24, 2024 | A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This… |
| CVE-2022-22542 | | | 0.00 | — | 0.01 | | Feb 9, 2022 | S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor… |
| CVE-2021-37940 | | | 0.00 | — | 0.01 | | Dec 7, 2021 | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might… |
| CVE-2020-7018 | | | 0.00 | — | 0.01 | | Aug 18, 2020 | Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct… |