Lucene search
K

67 matches found

Vulnrichment
Vulnrichment
added 2025/10/20 7:56 a.m.7 views

CVE-2025-31342 Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

9.3CVSS7.2AI score0.00469EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/20 12:0 a.m.7 views

PT-2025-42751

Name of the Vulnerable Software and Affected Versions Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3 Description An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...

9.3CVSS6.3AI score0.00469EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.6 views

Galaxy Software Services Vitals ESP 安全漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP version 1.3 and prior versions, which stems from the upload file feature not restricting the type of...

9.3CVSS7.4AI score0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2023-41198

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00347EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.3 views

WordPress plugin Sala 安全漏洞

WordPress Sala is a WordPress theme designed for startups, SaaS services, software technology and more. WordPress Sala suffers from a missing authorization vulnerability that can be exploited by an attacker to cause access to features that are not restricted by ACLs...

7.5CVSS6.7AI score0.00257EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/05/14 11:11 a.m.13 views

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity fir...

7.5AI score
Exploits0
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.2 views

Galaxy Software Services iota C.ai Conversational Platform 代码注入漏洞

Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A code injection vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from a code...

9.3CVSS7.9AI score0.00551EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/10/08 4:38 p.m.30 views

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance CSA have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software service...

9.6CVSS8.1AI score0.99951EPSS
Exploits8
Prion
Prion
added 2023/11/03 7:15 a.m.15 views

Privilege escalation

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

6.5CVSS8.8AI score0.00645EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/03 6:9 a.m.29 views

CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

8.8CVSS9AI score0.00645EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/03 6:9 a.m.22 views

CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

8.8CVSS7.5AI score0.00645EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.3 views

PT-2023-27925 · Galaxy Software Services · Vitals Esp

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP affected versions not specified Description: The issue is related to insufficient filtering and validation during file upload in an online knowledge base management portal. An authenticated remo...

8.8CVSS8.6AI score0.00645EPSS
Exploits0References4
CVE
CVE
added 2023/07/21 3:2 a.m.47 views

CVE-2023-37291

The CVE-2023-37291 issue affects Galaxy Software Services Vitals ESP (versions 3.0.8–6.2.0) where a hard-coded encryption key enables an unauthenticated remote attacker to generate a valid token parameter and gain access to the system to operate processes and access data. This is confirmed across...

9.8CVSS9.1AI score0.00347EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/21 12:0 a.m.4 views

PT-2023-25889 · Galaxy Software Services · Galaxy Software Services Vitals Esp

Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0 Description: The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid token...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/06/20 11:57 a.m.3 views

SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish

The Quick Serve Restaurant QSR industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirr...

6.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.6 views

CVE-2022-46309 Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading

Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...

6.5CVSS6.6AI score0.01193EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.4 views

Galaxy Software Services Vitals ESP 路径遍历漏洞

Galaxy Software Services Vitals ESP is a Knowledge Management System KMS for office use from Galaxy Software Services, a company based in China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to a path traversal vulnerability in the upload function. The vulnerability c...

6.5CVSS6.7AI score0.01193EPSS
Exploits0References2
CNVD
CNVD
added 2022/04/22 12:0 a.m.17 views

Oracle PeopleSoft Enterprise PeopleTools Information Disclosure Vulnerability (CNVD-2023-12017)

Oracle Corporation Oracle is the world's largest provider of information management software and services, founded in 1977, headquartered in Redwood shore, California, USA, open to the world oracle certification. Oracle PeopleSoft Enterprise PeopleTools is the American Oracle Oracle company's...

5.8CVSS5.2AI score0.00614EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2021/07/08 9:58 a.m.54 views

Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America

Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...

1.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/07/26 11:5 a.m.168 views

Insider Logic Bombs

Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The...

0.9AI score
Exploits0
Rows per page
Query Builder