Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

vitalsesp

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-4640
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.10% / 28.15%
||
7 Day CHG+0.03%
Published-24 Mar, 2026 | 04:20
Updated-15 Apr, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - Missing Authentication

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-4639
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.11% / 30.18%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 04:17
Updated-15 Apr, 2026 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - Incorrect Authorization

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-14255
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 07:43
Updated-15 Jan, 2026 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - SQL Injection

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14254
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.1||HIGH
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 07:41
Updated-15 Jan, 2026 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - SQL Injection

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14253
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 07:38
Updated-15 Jan, 2026 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - Arbitrary File Read

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-36
Absolute Path Traversal