CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-44866
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This...
Description: Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 10.57%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44863
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter....
Description: TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44862
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl...
Description: TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 12.12%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44861
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the...
Description: TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 12.12%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44860
TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter....
Description: TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44839
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the...
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-4173
SourceCodester Online Eyewear Shop Master.php delete_cart sql injection
Description: A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Online Eyewear Shop 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion delete_cart der Datei /oews/classes/Master.php?f=delete_cart. Durch die Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any...
Description: An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-32886
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell,...
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.

CVSS: MEDIUM (4.0)

EPSS Score: 0.02%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message...
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE
May 1st, 2025 (about 2 months ago)