22 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-25893

Malicious code in bioql PyPI...

5.6 CVSS · 6.6 AI score · 0.00082 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-25897

Malicious code in bioql PyPI...

5.6 CVSS · 6.6 AI score · 0.00082 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/30 6:21 p.m. · 2 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6 CVSS · 6.6 AI score · 0.00082 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/27 4:15 p.m. · 1 view

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

5.3 CVSS · 6 AI score · 0.00063 EPSS
Exploits: 1 · References: 1

NVD
added 2025/08/27 4:15 p.m. · 3 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

5.3 CVSS · 0.00063 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/27 3:15 p.m. · 0 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6 CVSS · 5.9 AI score · 0.00082 EPSS
Exploits: 1 · References: 1

NVD
added 2025/08/27 3:15 p.m. · 1 view

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6 CVSS · 0.00082 EPSS
Exploits: 1 · References: 1

NVD
added 2025/08/27 3:15 p.m. · 1 view

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

5.6 CVSS · 0.00082 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/27 3:15 p.m. · 0 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

5.6 CVSS · 5.7 AI score
Exploits: 0 · References: 1

CVE
added 2025/08/27 12:00 a.m. · 10 views

CVE-2025-50986

Diskover-web v2.3.0 Community Edition is affected by multiple stored XSS vulnerabilities in the administrative settings interface. The root cause is improper sanitization of user input in configuration fields (ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, ...

5.6 CVSS · 6.1 AI score · 0.00082 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2025/08/27 12:00 a.m. · 2 views

Diskover-web security vulnerability

Diskover-web is a file system indexing tool from Diskover, Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple POST parameters in the Elasticsearch configuration form, which could lead to an SQL injection attack...

5.3 CVSS · 7.8 AI score · 0.00063 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/08/27 12:00 a.m. · 2 views

PT-2025-34881 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The application is susceptible to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Improper input validation and parameterization in JSON-based query constructio...

5.3 CVSS · 7.1 AI score · 0.00063 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/27 12:00 a.m. · 1 view

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.8 AI score · 0.00082 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/08/27 12:00 a.m. · 1 view

Diskover-web security vulnerability

Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple configuration fields in the administration settings interface and could lead to a stored cross-site...

5.6 CVSS · 6 AI score · 0.00082 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/08/27 12:00 a.m. · 5 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

0.00082 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/08/27 12:00 a.m. · 2 views

Diskover-web security vulnerability

Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple GET parameters and could lead to a reflected cross-site scripting attack...

5.6 CVSS · 6.1 AI score · 0.00082 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/08/27 12:00 a.m. · 1 view

PT-2025-34878 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The software is susceptible to multiple reflected cross-site scripting XSS flaws within its web interface. Unsanitized GET parameters, including maxage, maxindex, index, path, q query, and doctype, are...

5.6 CVSS · 5.7 AI score · 0.00082 EPSS
Exploits: 1 · References: 4

CVE
added 2025/08/27 12:00 a.m. · 9 views

CVE-2025-50985

CVE-2025-50985 affects diskover-web v2.3.0 Community Edition. The vulnerability is described as multiple reflected cross-site scripting (XSS) flaws in the web interface caused by unsanitized GET parameters (including maxage, maxindex, index, path, q, and doctype) that are echoed into the HTML res...

5.6 CVSS · 6.2 AI score · 0.00082 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/08/27 12:00 a.m. · 10 views

CVE-2025-50984

Diskover-web v2.3.0 Community Edition is affected by multiple boolean-based blind SQL injection flaws in the Elasticsearch configuration form. Untrusted input in POST fields (e.g., ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE) can inject...

5.3 CVSS · 7.1 AI score · 0.00063 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/27 12:00 a.m. · 4 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

0.00082 EPSS
Exploits: 1 · References: 1