
Threat and Vulnerability Intelligence Database

Description: Multiple vulnerabilities in TCMAN GIM. Mon, 05/26/2025 - 10:05. Advisory. Affected Resources: GIM, 11 version. Description: INCIBE has coordinated the publication of 4 vulnerabilities: one of critical severity and 3 of high severity, affecting TCMAN GIM, a software tool that helps in the management of maintenance services and management of an organisation's physical assets. The vulnerabilities have been discovered by Carlos Aguadé. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability type CWE. CVE-2025-40664: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N. | CWE-306. CVE-2025-40665 and CVE-2025-40666: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89. CVE-2025-40667: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N. | CWE-862. Identifier: INCIBE-2025-0270. 5 - Critical. Solution: The vulnerabilities have been fixed by the TCMAN team in the 20241112 release. Detail: CVE-2025-40664: unauthenticated vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser. Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These a...

EPSS Score: 0.1%

Source: Incibe CERT
May 26th, 2025 (26 days ago)
Description: Privilege Escalation in ProactivaNet by Espiral MS Group. Mon, 05/26/2025 - 09:58. Advisory. Affected Resources: ProactivaNet v3.24.0.0. Description: INCIBE has coordinated the publication of a high severity vulnerability affecting ProactivaNet by Espiral MS Group, a solution for IT asset and service management (ITAM & ITSM). The vulnerability was discovered by Pablo Arriaga Perez. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40672: CVSS v4.0: 8.5 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-732. Identifier: INCIBE-2025-0265. 4 - High. Solution: There is no reported solution at this time. Detail: CVE-2025-40672: A Privilege Escalation vulnerability has been found in ProactivaNet v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). References list: Espiral MS Group ...

EPSS Score: 0.01%

Source: Incibe CERT
May 26th, 2025 (26 days ago)
Description: SQL injection vulnerability in AES Multimedia's Gestnet. Mon, 05/26/2025 - 10:05. Advisory. Affected Resources: Gestnet, version 1.07. Description: INCIBE has coordinated the publication of a vulnerability of critical severity affecting AES Multimedia's Gestnet, a business management software. The vulnerability was discovered by Guzmán Fernández. This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability type CWE: CVE-2025-40671: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-93. Identifier: INCIBE-2025-0264. 5 - Critical. Solution: There is no reported solution at this time. Detail: CVE-2025-40671: SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint. References list: AES Multimedia | Official website. Tags: 0day CNA Injection Vulnerability ...

EPSS Score: 0.04%

Source: Incibe CERT
May 26th, 2025 (26 days ago)
Source: TheRegister
May 26th, 2025 (26 days ago)
Description: www.antealuce.com Our adventure began over 40 years ago and over the years has led to a gre…
Source: Ransomware.live
May 26th, 2025 (26 days ago)
Description: Mailform Pro CGI provided by SYNCK GRAPHICA generates error messages containing sensitive information.
Source: Japan Vulnerability Notes (JVN)
May 26th, 2025 (26 days ago)
Source: TheRegister
May 26th, 2025 (26 days ago)
Description: N/A
Source: Ransomware.live
May 26th, 2025 (26 days ago)
Description: N/A
Source: Ransomware.live
May 26th, 2025 (26 days ago)
Description: N/A
Source: Ransomware.live
May 26th, 2025 (26 days ago)