EUVD-2025-27979

Malicious code in bioql PyPI...

CVE-2025-40670

CVE-2025-40670 affects TCMAN GIM v11. The vulnerability is an incorrect authorization flaw that allows an unprivileged attacker to create a user and assign it many privileges by sending a POST to /PC/frmGestionUser.aspx/updateUser. Affected software and component: TCMAN GIM v11, web-based user-ma...

TCMAN GIM 安全漏洞

TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11, which stems from improper authorization and could allow a low-privileged attacker to change another user's password via a POST request...

CVE-2025-40667

Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302...

CVE-2025-40664 Missing authentication vulnerability in TCMAN GIM v11

Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...

PT-2025-19919 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: This issue allows an unauthenticated attacker to inject an SQL statement, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the Sender a...