CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-44845
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime...
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44844
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName...
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44843
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the...
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 13.98%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44842
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter....
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44841
TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the...
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the version parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.5)

EPSS Score: 14.24%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44838
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the...
Description: TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 12.12%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44837
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function...
Description: TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 12.12%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44836
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour...
Description: TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CVSS: MEDIUM (6.3)

EPSS Score: 12.12%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-44835
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary...
Description: D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.

CVSS: MEDIUM (6.3)

EPSS Score: 1.89%

Source: CVE
May 1st, 2025 (about 2 months ago)

CVE-2025-4163
PHPGurukul Land Record System aboutus.php sql injection
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Eine Schwachstelle wurde in PHPGurukul Land Record System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/aboutus.php. Durch Manipulation des Arguments pagetitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 1st, 2025 (about 2 months ago)