Lucene search
+L

1714 matches found

NVD
NVD
added 2026/01/28 12:15 p.m.7 views

CVE-2025-59900

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.4CVSS0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 12:15 p.m.5 views

CVE-2025-59892

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8CVSS5.9AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 12:15 p.m.7 views

CVE-2025-59893

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 12:0 p.m.3 views

CVE-2025-59900 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 12:0 p.m.3 views

CVE-2025-59900

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/01/28 12:0 p.m.6 views

EUVD-2025-206500

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 12:0 p.m.12 views

CVE-2025-59900

CVE-2025-59900 describes a persistent authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: insufficient validation of user input in the request path related to server options, specifically in “/server_opti...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/28 11:59 a.m.4 views

CVE-2025-59899 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 11:59 a.m.5 views

EUVD-2025-206499

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 11:59 a.m.21 views

CVE-2025-59899

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 are affected by a persistent authenticated Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient validation of input in the /server_options?sid= endpoint, impacting the parameters tasks_logs_dir, error...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:58 a.m.3 views

CVE-2025-59898

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/01/28 11:58 a.m.15 views

CVE-2025-59898

CVE-2025-59898 affects Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue is a persistent authenticated Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user input in the exclude_dir parameter (endpoint /add_exclude_dir?sid=). An atta...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/01/28 11:58 a.m.40 views

CVE-2025-59898 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 11:58 a.m.4 views

CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:58 a.m.5 views

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/01/28 11:58 a.m.35 views

CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 11:58 a.m.6 views

CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 11:58 a.m.14 views

CVE-2025-59896

CVE-2025-59896 describes a persistent authenticated cross-site scripting (XSS) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from insufficient validation of user input in the command parameter path /add_command?sid=, specifical...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/01/28 11:53 a.m.17 views

CVE-2025-59894

CVE-2025-59894 is a CSRF flaw affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. The issue arises from missing CSRF token validation, enabling an authenticated attacker to induce other logged-in users to perform unintended actions, such as issuing a POST to delet...

8.5CVSS6AI score0.00124EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/01/28 11:52 a.m.5 views

EUVD-2025-206490

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

8.5CVSS6AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder