20 matches found
EUVD-2025-17458
Malicious code in bioql PyPI...
EUVD-2025-13579
Malicious code in bioql PyPI...
EUVD-2025-13582
Malicious code in bioql PyPI...
EUVD-2025-13575
Malicious code in bioql PyPI...
EUVD-2025-13573
Malicious code in bioql PyPI...
EUVD-2025-17457
Malicious code in bioql PyPI...
CVE-2025-40668
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in...
CVE-2025-40665
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-40666
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...
CVE-2025-40666 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx...
CVE-2025-40666
CVE-2025-40666 affects TCMAN GIM v11. The vulnerability arises from time-based blind SQL injection via the ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx, allowing an attacker to retrieve, create, update, and delete databases as described across multiple sources. Impact is high (confiden...
CVE-2025-40665 Time-based blind SQL injection vulnerability in TCMAN GIM v11
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...
CVE-2025-40664 Missing authentication vulnerability in TCMAN GIM v11
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser...
CVE-2025-40622
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’...
CVE-2025-40625
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file, to obtain Remote Code Execution (RCE)...
CVE-2025-40621
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...
CVE-2025-40621
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...
CVE-2025-40624
TCMAN’s GIM v11 is affected by a SQL injection in the updatePassword endpoint, exploitable by an unauthenticated attacker via the vulnerable parameters User and email. The root cause is unvalidated input leading to the ability to obtain, update, and delete all information in the database. The vu...
CVE-2025-40623
CVE-2025-40623 describes an SQL injection in TCMAN's GIM v11. The vulnerability affects the createNotificationAndroid endpoint, specifically the Sender and email parameters, allowing an unauthenticated attacker to obtain, update, or delete all information in the database. Root cause: injectable S...
CVE-2025-40620
CVE-2025-40620 affects TCMAN’s GIM v11, with a SQL injection in the ValidateUserAndWS endpoint’s User parameter. An unauthenticated attacker can inject SQL to obtain, update, and delete all information in the database, impacting confidentiality, integrity, and availability (per CVSS vectors). No ...