CVE-2025-44854 – Totolink CP900 Command Injection Vulnerability

May 1, 2025

CVE ID : CVE-2025-44854

Published : May 1, 2025, 2:15 p.m. | 1 hour, 10 minutes ago

Description : Totolink CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleThe AI-Powered DevOps revolution: Redefining developer collaboration

Next Article CVE-2025-44835 – D-Link DIR-816 Command Injection Vulnerability

Highlights

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

May 5, 2025

CVE ID : CVE-2025-43845

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Managing the growing risk profile of agentic AI and MCP in the enterprise

How To Prevent WordPress SQL Injection Attacks

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

Windows Hello face unlock no longer works in the dark, and Microsoft says it’s not a bug

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.17.2025)

Stream-Omni: Simultaneous Multimodal Interactions with Large Language-Vision-Speech Model

How Inclusive Design Leading and Creating Solutions for Universal Design

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

CVE-2025-44854 – Totolink CP900 Command Injection Vulnerability

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

CVE-2025-4224 – WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability

How IPv4 Works – A Handbook for Developers

Mobile security: flaw allows hackers to read texts and listen to calls

This midrange OnePlus phone makes skipping flagship models easy – and it’s on sale

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

CVE-2025-3890 – WordPress Simple Shopping Cart Stored Cross-Site Scripting

Tap into Potential: Add Premium Touch to Your Raspberry Pi Projects With SunFounder’s 10-inch Display

CVE-2025-3864 – Hackney HTTP Connection Pool Exhaustion Vulnerability

CVE-2025-44854 – Totolink CP900 Command Injection Vulnerability

Related Posts