Every CVE whose affected-product data names Tcman Gim, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2021-40850 — CVSS 10.0 (critical): TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.
CVE-2022-36276 — CVSS 9.9 (critical): TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this…
CVE-2025-41013 — CVSS 9.8 (critical): SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and…
CVE-2025-40625 — CVSS 9.8 (critical): Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server…
CVE-2025-40665 — CVSS 9.8 (critical): Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases…
CVE-2025-40623 — CVSS 9.8 (critical): SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and…
CVE-2025-40624 — CVSS 9.8 (critical): SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and…
CVE-2025-40666 — CVSS 9.8 (critical): Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases…
CVE-2025-40620 — CVSS 9.8 (critical): SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and…
CVE-2025-40621 — CVSS 9.8 (critical): SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and…
CVE-2025-40622 — CVSS 9.8 (critical): SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and…
CVE-2025-40664 — CVSS 9.1 (critical): Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources…
CVE-2025-40670 — CVSS 8.8 (high): Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it…
CVE-2025-41015 — CVSS 7.5 (high): User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine…
CVE-2021-40851 — CVSS 7.5 (high): TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of…
CVE-2025-41014 — CVSS 7.5 (high): User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine…
CVE-2021-40853 — CVSS 7.2 (high): TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this…
CVE-2025-40668 — CVSS 6.5 (medium): Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the…
CVE-2025-40669 — CVSS 6.5 (medium): Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held…
CVE-2025-40667 — CVSS 6.5 (medium): Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the…
CVE-2022-36277 — CVSS 6.5 (medium): The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files…
CVE-2021-40852 — CVSS 6.1 (medium): TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled…
CVE-2021-4046 — CVSS 5.4 (medium): The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be…
CVE-2025-41012 — CVSS 5.3 (medium): Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine…