CVE-2026-12581 Digiwin｜EasyFlow .NET - Session Fixation

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

CVE-2026-12581

CVE-2026-12581 affects EasyFlow .NET (Digiwin). A session-fixation vulnerability allows unauthenticated remote attackers to replace a specific session ID for a user; once the user logs in, the attacker can gain the user’s privilege. Exploitation details are not provided in the available documents...

CVE-2026-12580

CVE-2026-12580 affects Digiwin EasyFlow .NET. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw that permits authenticated remote attackers to inject persistent JavaScript code which executes in users’ browsers when a page loads. Impact is described as allowing the attacker to cause u...

CVE-2026-5964 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963

The CVE-2026-5963 entry concerns EasyFlow .NET from Digiwin with a SQL Injection vulnerability. The issue allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. According to the connected sources, the affected product is EasyFlow .N...

Digiwin EasyFlow .NET 安全漏洞

Digiwin EasyFlow .NET is an enterprise-level Workflow Management platform developed by Digiwin in Taiwan, China. There is a security vulnerability in Digiwin EasyFlow .NET, which stems from SQL injection attacks. This vulnerability could allow unverified remote attackers to inject arbitrary SQL...

Digiwin EasyFlow .NET 安全漏洞

Digiwin EasyFlow .NET is an enterprise-level Workflow Management platform developed by Digiwin in Taiwan, China. There is a security vulnerability in Digiwin EasyFlow .NET, which stems from SQL injection attacks. This vulnerability could allow unverified remote attackers to inject arbitrary SQL...

PT-2026-33725

Name of the Vulnerable Software and Affected Versions EasyFlow .NET affected versions not specified Description EasyFlow .NET developed by Digiwin contains a SQL Injection flaw. This allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...

CVE-2025-13164

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend...

CVE-2025-13165 Digiwin｜EasyFlow GP - Denial of service

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service...

CVE-2025-13165

CVE-2025-13165 concerns Digiwin EasyFlow GP. The vulnerability is a Denial of Service via unauthenticated remote requests that can crash or deny the web service. The initial records attribute a high impact (availability) with network access and no privileges required, but exploitation details are...

CVE-2025-13165 Digiwin｜EasyFlow GP - Denial of service

EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service...

CVE-2025-13164

EasyFlow GP from Digiwin has an Insufficiently Protected Credentials vulnerability that could let privileged remote attackers obtain plaintext credentials for Active Directory and system mail from the system frontend. The CVE entry notes impact to confidentiality (C) with high severity per CVSS d...

CVE-2025-13164 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend...

CVE-2025-13164 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend...

CVE-2025-13163 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend...

CVE-2025-13163

CVE-2025-13163 affects EasyFlow GP by Digiwin. The issue is insufficient protection of credentials in the system frontend, enabling privileged remote attackers to obtain plaintext database credentials. Impact is high on confidentiality per the CVSS metrics; exploitation details and a concrete fix...

CVE-2025-13163 Digiwin｜EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend...