VYPR

Easyflow .net

by Digiwin

CVEs (12)

  • CVE-2026-5964CriApr 20, 2026
    risk 0.64cvss 9.8epss 0.00

    EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2026-5963CriApr 20, 2026
    risk 0.64cvss 9.8epss 0.00

    EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

  • CVE-2024-5311CriJun 3, 2024
    risk 0.64cvss 9.8epss 0.01

    DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.

  • CVE-2024-4893CriMay 15, 2024
    risk 0.64cvss 9.8epss 0.01

    DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.

  • CVE-2025-13165HigNov 17, 2025
    risk 0.49cvss 7.5epss 0.00

    EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.

  • CVE-2025-11949HigOct 21, 2025
    risk 0.49cvss 7.5epss 0.00

    EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.

  • CVE-2025-12503MedNov 3, 2025
    risk 0.42cvss 6.5epss 0.00

    EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

  • CVE-2024-7323MedAug 2, 2024
    risk 0.42cvss 6.5epss 0.01

    Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server .

  • CVE-2025-13164MedNov 17, 2025
    risk 0.32cvss 4.9epss 0.00

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

  • CVE-2025-13163MedNov 17, 2025
    risk 0.32cvss 4.9epss 0.00

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.

  • CVE-2026-12581Jun 22, 2026
    risk 0.00cvss epss 0.00

    EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

  • CVE-2026-12580Jun 22, 2026
    risk 0.00cvss epss 0.00

    EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.