VYPR
Vendor

Galaxy Software Services Corporation

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2025-31342CriOct 20, 2025
    risk 0.60cvss epss 0.00

    An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

  • CVE-2026-4639HigMar 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.

  • CVE-2026-4640HigMar 24, 2026
    risk 0.49cvss 7.5epss 0.00

    Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.

  • CVE-2025-14255Dec 8, 2025
    risk 0.00cvss epss 0.00

    Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

  • CVE-2025-14254Dec 8, 2025
    risk 0.00cvss epss 0.00

    Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

  • CVE-2025-14253Dec 8, 2025
    risk 0.00cvss epss 0.00

    Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

  • CVE-2023-41357Nov 3, 2023
    risk 0.00cvss epss 0.01

    Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute…

  • CVE-2023-37291Jul 21, 2023
    risk 0.00cvss epss 0.00

    Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP:…

  • CVE-2022-46309Jan 3, 2023
    risk 0.00cvss epss 0.01

    Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.