CVE-2025-40664 – TCMAN GIM Authentication Bypass

May 26, 2025

CVE ID : CVE-2025-40664

Published : May 26, 2025, 1:15 p.m. | 3 hours, 42 minutes ago

Description : Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40665 – TCMAN GIM Blind SQL Injection

Next Article CVE-2025-40667 – TCMAN’s GIM Missing Authorization Vulnerability (Authorization Bypass)

Highlights

CVE-2025-54139 – HAX CMS Clickjacking Vulnerability

July 22, 2025

CVE ID : CVE-2025-54139

Published : July 23, 2025, 12:15 a.m. | 21 minutes ago

Description : HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an iframe. This applies to both the CMS and generated sites. An unauthenticated attacker can load the standalone login page or other sensitive functionality within an iframe, performing a UI redressing attack (clickjacking). This can be used to perform social engineering attacks to attempt to coerce users into performing unintended actions within the HAX CMS application. This is fixed in haxcms-nodejs version 11.0.13 and haxcms-php 11.0.8.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-25032 – IBM Cognos Analytics Memory Exhaustion Denial of Service

June 11, 2025

The death of spreadsheets: 6 reasons why AI will soon be the dominant business reporting tool

May 12, 2025

CVE-2025-5408 – WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 HTTP POST Request Handler Buffer Overflow

June 1, 2025

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-40664 – TCMAN GIM Authentication Bypass

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

AWS costs estimation using Amazon Q CLI and AWS Cost Analysis MCP

CVE-2025-38227 – Linux Vidtv Slab Use-After-Free Vulnerability

CVE-2025-5617 – PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

How do you find time for cleanup work

CVE-2025-54139 – HAX CMS Clickjacking Vulnerability

CVE-2025-25032 – IBM Cognos Analytics Memory Exhaustion Denial of Service

The death of spreadsheets: 6 reasons why AI will soon be the dominant business reporting tool

CVE-2025-5408 – WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 HTTP POST Request Handler Buffer Overflow

CVE-2025-40664 – TCMAN GIM Authentication Bypass

Related Posts