All 8 CVE vulnerabilities found in Vitals ESP, with AI-generated Chinese analysis, references, and POCs.
Vendor: Galaxy Software Services Corporation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4640 | Galaxy Software Services|Vitals ESP - Missing Authentication CWE-306 | 7.5 | High | 2026-03-24 |
| CVE-2026-4639 | Galaxy Software Services|Vitals ESP - Incorrect Authorization CWE-863 | 8.8 | High | 2026-03-24 |
| CVE-2025-14255 | Galaxy Software Services|Vitals ESP - SQL Injection CWE-89 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-14254 | Galaxy Software Services|Vitals ESP - SQL Injection CWE-89 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-14253 | Galaxy Software Services|Vitals ESP - Arbitrary File Read CWE-36 | 4.9 | Medium | 2025-12-08 |
| CVE-2025-31342 | Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type CWE-434 | 8.8AI | HighAI | 2025-10-20 |
| CVE-2023-37291 | Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key CWE-321 | 8.6 | High | 2023-07-21 |
| CVE-2022-46309 | Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading CWE-22 | 6.5 | Medium | 2023-01-03 |
All 8 known CVE vulnerabilities affecting Vitals ESP with full Chinese analysis, references, and POCs where available.