Lucene search
K

50 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35458

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/selectindices.php via the namecontains parameter...

6.1CVSS4.8AI score0.00194EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

Diskover Community Edition 跨站脚本漏洞

Diskover Community Edition is an open-source file manager developed by Diskover Data. Versions of Diskover Community Edition 2.3.5 and earlier had a cross-site scripting vulnerability, which stemmed from the doctype parameter in the public/view.php file, allowing for reflective cross-site scripti...

6.1CVSS5.3AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 12:0 a.m.8 views

EUVD-2026-25890

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1CVSS4.8AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.5 views

CVE-2026-38935

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

4.8AI score0.00194EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:0 a.m.4 views

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

8.8CVSS5.3AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.29 views

CVE-2026-38935

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

Diskover Community Edition 跨站请求伪造漏洞

Diskover Community Edition is an open-source file manager developed by Diskover Data. Versions of Diskover Community Edition 2.3.5 and earlier contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery attacks, allowing remote attackers to...

8.8CVSS5.8AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25897

Malicious code in bioql PyPI...

5.6CVSS6.6AI score0.00224EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25893

Malicious code in bioql PyPI...

5.6CVSS6.6AI score0.00224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.3 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6CVSS6.6AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2025/08/27 4:15 p.m.13 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

5.3CVSS0.00308EPSS
Exploits1References1
OSV
OSV
added 2025/08/27 4:15 p.m.4 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

5.3CVSS6AI score0.00308EPSS
Exploits1References1
OSV
OSV
added 2025/08/27 3:15 p.m.7 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

5.6CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2025/08/27 3:15 p.m.4 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

5.6CVSS0.00224EPSS
Exploits1References1
OSV
OSV
added 2025/08/27 3:15 p.m.3 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6CVSS5.9AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2025/08/27 3:15 p.m.4 views

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

5.6CVSS0.00224EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/27 12:0 a.m.7 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

0.00224EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.5 views

Diskover-web 安全漏洞

Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple GET parameters and could lead to a reflected cross-site scripting attack...

5.6CVSS6.1AI score0.00224EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/27 12:0 a.m.3 views

Diskover-web 安全漏洞

Diskover-web is a file system indexing tool from Diskover Inc. in the United States. A security vulnerability exists in Diskover-web version v2.3.0, which stems from improper cleanup of multiple configuration fields in the administration settings interface and could lead to a stored cross-site...

5.6CVSS6AI score0.00224EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/27 12:0 a.m.1 views

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

5.7AI score0.00224EPSS
Exploits1References1
Rows per page
Query Builder