CVE-2025-44861 – TOTOLINK CA300-POE Command Injection

May 1, 2025

CVE ID : CVE-2025-44861

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46565 – Vite File Pattern Denial of Service

Next Article CVE-2025-32888 – GoTenna Mesh Hardcoded Verification Token Vulnerability

Highlights

CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

May 2, 2025

CVE ID : CVE-2024-13419

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin’s settings which includes custom JavaScript that is enabled site-wide. This issue was escalated to Envato over two months from the date of this disclosure and the issue is still vulnerable.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-44861 – TOTOLINK CA300-POE Command Injection

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

I’ve reviewed a lot of tech, and these 9 products are even easier to recommend now thanks to Amazon Prime Day deals

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

CVE-2025-41234: Spring Framework Vulnerability Enables Reflected File Download Attacks

CVE-2025-6031 – Amazon Cloud Cam SSL Pinning Bypass

CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware

Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available

Distribution Release: IPFire 2.29 Core 197

CVE-2025-44861 – TOTOLINK CA300-POE Command Injection

Related Posts