8.2
CVE-2025-0984 - Arbitrary File Upload in Netoloji Software's E-Flow
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affec…
8.7
CVE-2025-4348 - D-Link DIR-600L formSetWanL2TP buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no…
9.3
CVE-2025-40625 - Multiple vulnerabilities in TCMAN's GIM
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).
9.3
CVE-2025-40624 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and “ema…
9.3
CVE-2025-40623 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and “e…
9.3
CVE-2025-40622 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’ para…
9.3
CVE-2025-40621 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ paramete…
9.3
CVE-2025-40620 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ paramete…
8.7
CVE-2025-4347 - D-Link DIR-600L formWlSiteSurvey buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects product…
8.7
CVE-2025-4346 - D-Link DIR-600L formSetWAN_Wizard534 buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that …