Flexense Diskpulse vulnerabilities
13 known vulnerabilities affecting flexense/diskpulse.
Total CVEs
13
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2017-13696P1CRITICALCVSS 9.8PoCv9.9.162018-01-24
CVE-2017-13696 [CRITICAL] CWE-119 CVE-2017-13696: A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Dis
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to ga
nvd
CVE-2025-59895P3HIGHCVSS 7.5v10.4.182026-01-28
CVE-2025-59895 [HIGH] CWE-20 CVE-2025-59895: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the applica
nvd
CVE-2025-59892P3HIGHCVSS 8.0v10.4.182026-01-28
CVE-2025-59892 [HIGH] CWE-352 CVE-2025-59892: Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59891P3HIGHCVSS 8.0v10.4.182026-01-28
CVE-2025-59891 [HIGH] CWE-352 CVE-2025-59891: Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59894P3HIGHCVSS 8.0v10.4.182026-01-28
CVE-2025-59894 [HIGH] CWE-352 CVE-2025-59894: Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2025-59893P3HIGHCVSS 8.0v10.4.182026-01-28
CVE-2025-59893 [HIGH] CWE-352 CVE-2025-59893: Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk P
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it
nvd
CVE-2020-36927P3HIGHCVSS 7.8v13.6.142026-01-16
CVE-2020-36927 [HIGH] CWE-428 CVE-2020-36927: DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
nvd
CVE-2025-59899P4MEDIUMCVSS 5.4v10.4.182026-01-28
CVE-2025-59899 [MEDIUM] CWE-79 CVE-2025-59899: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_l
nvd
CVE-2025-59897P4MEDIUMCVSS 5.4v10.4.182026-01-28
CVE-2025-59897 [MEDIUM] CWE-79 CVE-2025-59897: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_di
nvd
CVE-2025-59900P4MEDIUMCVSS 5.4v10.4.182026-01-28
CVE-2025-59900 [MEDIUM] CWE-79 CVE-2025-59900: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/server_options?sid=', affecting the 'tasks_l
nvd
CVE-2025-59896P4MEDIUMCVSS 5.4v10.4.182026-01-28
CVE-2025-59896 [MEDIUM] CWE-79 CVE-2025-59896: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_command?sid=', affecting the 'command_na
nvd
CVE-2025-59898P4MEDIUMCVSS 5.4v10.4.182026-01-28
CVE-2025-59898 [MEDIUM] CWE-79 CVE-2025-59898: Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authe
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclud
nvd
CVE-2018-10564P4MEDIUMCVSS 6.1≤ 10.72018-05-02
CVE-2018-10564 [MEDIUM] CWE-79 CVE-2018-10564: XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7.
nvd