Flexense Disk Pulse Enterprise vulnerabilities
13 known vulnerabilities affecting flexense/disk_pulse_enterprise.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 7
Vulnerabilities
CVE-2025-59895 | P3 | HIGH | CVSS 7.5 | CWE-20 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the applica
nvd
CVE-2025-59892 | P3 | HIGH | CVSS 8.0 | CWE-352 | v10.4.18 | 2026-01-28
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59891 | P3 | HIGH | CVSS 8.0 | CWE-352 | v10.4.18 | 2026-01-28
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59894 | P3 | HIGH | CVSS 8.0 | CWE-352 | v10.4.18 | 2026-01-28
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59893 | P3 | HIGH | CVSS 8.0 | CWE-352 | v10.4.18 | 2026-01-28
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59901 | P3 | HIGH | CVSS 8.5 | CWE-352 | v10.4.18 | 2026-01-28
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user and steal information from their session.
nvd
CVE-2023-49575 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v10.4.18 | 2024-05-24
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability
nvd
CVE-2025-59899 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_l
nvd
CVE-2025-59897 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_di
nvd
CVE-2025-59900 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_l
nvd
CVE-2023-49572 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v10.4.18 | 2024-05-24
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads o
nvd
CVE-2025-59896 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_command?sid=', affecting the 'command_na
nvd
CVE-2025-59898 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v10.4.18 | 2026-01-28
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclud
nvd