22 matches found
EUVD-2025-25893
Malicious code in bioql PyPI...
EUVD-2025-25897
Malicious code in bioql PyPI...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-50984
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...
CVE-2025-50984
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-50986
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...
CVE-2025-50986
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...
CVE-2025-50986
Diskover-web v2.3.0 Community Edition is affected by multiple stored XSS vulnerabilities in the administrative settings interface. The root cause is improper sanitization of user input in configuration fields (ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, ...
Diskover-web 安全漏洞
Diskover-web is a file system indexing tool from Diskover, Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple POST parameters in the Elasticsearch configuration form, which could lead to an SQL injection attack...
PT-2025-34881 · Unknown · Diskover-Web
Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The application is susceptible to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Improper input validation and parameterization in JSON-based query constructio...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
Diskover-web 安全漏洞
Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple configuration fields in the administration settings interface and could lead to a stored cross-site...
CVE-2025-50986
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...
PT-2025-34878 · Unknown · Diskover-Web
Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The software is susceptible to multiple reflected cross-site scripting XSS flaws within its web interface. Unsanitized GET parameters, including maxage, maxindex, index, path, q query, and doctype, are...
Diskover-web 安全漏洞
Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple GET parameters and could lead to a reflected cross-site scripting attack...
CVE-2025-50985
CVE-2025-50985 affects diskover-web v2.3.0 Community Edition. The vulnerability is described as multiple reflected cross-site scripting (XSS) flaws in the web interface caused by unsanitized GET parameters (including maxage, maxindex, index, path, q, and doctype) that are echoed into the HTML res...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-50984
Diskover-web v2.3.0 Community Edition is affected by multiple boolean-based blind SQL injection flaws in the Elasticsearch configuration form. Untrusted input in POST fields (e.g., ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE) can inject...