https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 20 May 2026 05:13:42 +0000 https://db.gcve.eu/sighting/34584f44-f8ca-4433-8d43-bdfa712b3b3a/export {"uuid": "34584f44-f8ca-4433-8d43-bdfa712b3b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44843", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/24259", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44843 - TOTOLINK CA600 PoC Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-44843 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:00.000000Z"} {"uuid": "34584f44-f8ca-4433-8d43-bdfa712b3b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44843", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/24259", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44843 - TOTOLINK CA600 PoC Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-44843 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:00.000000Z"} https://db.gcve.eu/sighting/34584f44-f8ca-4433-8d43-bdfa712b3b3a/export Thu, 01 May 2025 20:42:00 +0000 https://db.gcve.eu/sighting/3b676101-81b7-464d-b6f4-92be6e7abb64/export {"uuid": "3b676101-81b7-464d-b6f4-92be6e7abb64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44844", "type": "seen", "source": "https://t.me/cvedetector/24260", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44844 - TOTOLINK CA600-PoE Remote Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-44844 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:01.000000Z"} {"uuid": "3b676101-81b7-464d-b6f4-92be6e7abb64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44844", "type": "seen", "source": "https://t.me/cvedetector/24260", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44844 - TOTOLINK CA600-PoE Remote Command Injection\", \n \"Content\": \"CVE ID : CVE-2025-44844 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:01.000000Z"} https://db.gcve.eu/sighting/3b676101-81b7-464d-b6f4-92be6e7abb64/export Thu, 01 May 2025 20:42:01 +0000 https://db.gcve.eu/sighting/d59b0bc6-7b5b-452f-bb75-abbaa6ff2908/export {"uuid": "d59b0bc6-7b5b-452f-bb75-abbaa6ff2908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44845", "type": "seen", "source": "https://t.me/cvedetector/24261", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44845 - TOTOLINK CA600 Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-44845 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:02.000000Z"} {"uuid": "d59b0bc6-7b5b-452f-bb75-abbaa6ff2908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44845", "type": "seen", "source": "https://t.me/cvedetector/24261", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44845 - TOTOLINK CA600 Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-44845 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:02.000000Z"} https://db.gcve.eu/sighting/d59b0bc6-7b5b-452f-bb75-abbaa6ff2908/export Thu, 01 May 2025 20:42:02 +0000 https://db.gcve.eu/sighting/245572e4-7ab4-41db-afae-b0e47a01d824/export {"uuid": "245572e4-7ab4-41db-afae-b0e47a01d824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44846", "type": "seen", "source": "https://t.me/cvedetector/24262", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44846 - Totolink CA600-PoE Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-44846 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:06.000000Z"} {"uuid": "245572e4-7ab4-41db-afae-b0e47a01d824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44846", "type": "seen", "source": "https://t.me/cvedetector/24262", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-44846 - Totolink CA600-PoE Command Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-44846 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:42:06.000000Z"} https://db.gcve.eu/sighting/245572e4-7ab4-41db-afae-b0e47a01d824/export Thu, 01 May 2025 20:42:06 +0000 https://db.gcve.eu/sighting/e71eec62-7e3a-4e62-96f9-966b5b91787b/export {"uuid": "e71eec62-7e3a-4e62-96f9-966b5b91787b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15813", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4484\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-09T19:00:05.899Z\n\ud83d\udccf Modified: 2025-05-09T19:17:28.637Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.308199\n2. https://vuldb.com/?ctiid.308199\n3. https://vuldb.com/?submit.566779\n4. https://github.com/wyl091256/CVE/issues/4\n5. https://itsourcecode.com/", "creation_timestamp": "2025-05-09T19:26:07.000000Z"} {"uuid": "e71eec62-7e3a-4e62-96f9-966b5b91787b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15813", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4484\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-05-09T19:00:05.899Z\n\ud83d\udccf Modified: 2025-05-09T19:17:28.637Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.308199\n2. https://vuldb.com/?ctiid.308199\n3. https://vuldb.com/?submit.566779\n4. https://github.com/wyl091256/CVE/issues/4\n5. https://itsourcecode.com/", "creation_timestamp": "2025-05-09T19:26:07.000000Z"} https://db.gcve.eu/sighting/e71eec62-7e3a-4e62-96f9-966b5b91787b/export Fri, 09 May 2025 19:26:07 +0000 https://db.gcve.eu/sighting/e30859f4-fbc2-4e52-99a7-0db5e6f4b5c6/export {"uuid": "e30859f4-fbc2-4e52-99a7-0db5e6f4b5c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lor7jacnahs2", "content": "", "creation_timestamp": "2025-05-09T22:01:56.026399Z"} {"uuid": "e30859f4-fbc2-4e52-99a7-0db5e6f4b5c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lor7jacnahs2", "content": "", "creation_timestamp": "2025-05-09T22:01:56.026399Z"} https://db.gcve.eu/sighting/e30859f4-fbc2-4e52-99a7-0db5e6f4b5c6/export Fri, 09 May 2025 22:01:56 +0000 https://db.gcve.eu/sighting/12cfbd4c-9573-483d-be13-49d14b084c68/export {"uuid": "12cfbd4c-9573-483d-be13-49d14b084c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "published-proof-of-concept", "source": "Telegram/-FSytdz-B3MQuFO8RZfSO4jPAWx-8JuShz-w-b65AWDPvJk", "content": "", "creation_timestamp": "2025-05-09T22:30:58.000000Z"} {"uuid": "12cfbd4c-9573-483d-be13-49d14b084c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "published-proof-of-concept", "source": "Telegram/-FSytdz-B3MQuFO8RZfSO4jPAWx-8JuShz-w-b65AWDPvJk", "content": "", "creation_timestamp": "2025-05-09T22:30:58.000000Z"} https://db.gcve.eu/sighting/12cfbd4c-9573-483d-be13-49d14b084c68/export Fri, 09 May 2025 22:30:58 +0000 https://db.gcve.eu/sighting/b29b187e-9063-4dff-af2a-de9ec057e37b/export {"uuid": "b29b187e-9063-4dff-af2a-de9ec057e37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lori7bzszc2l", "content": "", "creation_timestamp": "2025-05-09T22:32:29.541509Z"} {"uuid": "b29b187e-9063-4dff-af2a-de9ec057e37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lori7bzszc2l", "content": "", "creation_timestamp": "2025-05-09T22:32:29.541509Z"} https://db.gcve.eu/sighting/b29b187e-9063-4dff-af2a-de9ec057e37b/export Fri, 09 May 2025 22:32:29 +0000 https://db.gcve.eu/sighting/d8121719-9c91-428a-8b91-fa0c4c6b05ae/export {"uuid": "d8121719-9c91-428a-8b91-fa0c4c6b05ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://t.me/cvedetector/24974", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-4484 - iSourcecode Gym Management System SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-4484 \nPublished : May 9, 2025, 7:16 p.m. | 59\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T22:54:05.000000Z"} {"uuid": "d8121719-9c91-428a-8b91-fa0c4c6b05ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4484", "type": "seen", "source": "https://t.me/cvedetector/24974", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-4484 - iSourcecode Gym Management System SQL Injection Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-4484 \nPublished : May 9, 2025, 7:16 p.m. | 59\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 May 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T22:54:05.000000Z"} https://db.gcve.eu/sighting/d8121719-9c91-428a-8b91-fa0c4c6b05ae/export Fri, 09 May 2025 22:54:05 +0000 https://db.gcve.eu/sighting/2f6e1585-4b16-4235-9604-6e7b3cc9a5aa/export {"uuid": "2f6e1585-4b16-4235-9604-6e7b3cc9a5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44846", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mdj6cdgh7r2i", "content": "", "creation_timestamp": "2026-01-28T21:03:06.391584Z"} {"uuid": "2f6e1585-4b16-4235-9604-6e7b3cc9a5aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44846", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mdj6cdgh7r2i", "content": "", "creation_timestamp": "2026-01-28T21:03:06.391584Z"} https://db.gcve.eu/sighting/2f6e1585-4b16-4235-9604-6e7b3cc9a5aa/export Wed, 28 Jan 2026 21:03:06 +0000