<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-05T23:46:40.866756+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/849ffb11-e861-4fea-8cd6-b7e8af4f4be1/export</id>
    <title>849ffb11-e861-4fea-8cd6-b7e8af4f4be1</title>
    <updated>2026-07-05T23:46:40.889584+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "849ffb11-e861-4fea-8cd6-b7e8af4f4be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8244", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24159\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\ud83d\udccf Published: 2023-02-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T18:07:55.240Z\n\ud83d\udd17 References:\n1. https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admpass/setPasswordCfg_admpass.md", "creation_timestamp": "2025-03-20T18:20:40.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/849ffb11-e861-4fea-8cd6-b7e8af4f4be1/export"/>
    <published>2025-03-20T18:20:40+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/4bf7898e-31cf-4e85-93fa-ff61157be968/export</id>
    <title>4bf7898e-31cf-4e85-93fa-ff61157be968</title>
    <updated>2026-07-05T23:46:40.891326+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "4bf7898e-31cf-4e85-93fa-ff61157be968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2415", "type": "seen", "source": "https://t.me/cibsecurity/64961", "content": "\u203c CVE-2023-2415 \u203c\n\nThe Online Booking &amp;amp; Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T20:09:29.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/4bf7898e-31cf-4e85-93fa-ff61157be968/export"/>
    <published>2023-06-03T20:09:29+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9aca3ebe-36df-4d41-8e8f-9619ec310603/export</id>
    <title>9aca3ebe-36df-4d41-8e8f-9619ec310603</title>
    <updated>2026-07-05T23:46:40.891463+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9aca3ebe-36df-4d41-8e8f-9619ec310603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "seen", "source": "https://t.me/cibsecurity/58111", "content": "\u203c CVE-2023-24159 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:41.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9aca3ebe-36df-4d41-8e8f-9619ec310603/export"/>
    <published>2023-02-14T18:35:41+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c7a77ce1-5715-441b-97ed-3f9efc26c64b/export</id>
    <title>c7a77ce1-5715-441b-97ed-3f9efc26c64b</title>
    <updated>2026-07-05T23:46:40.891581+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c7a77ce1-5715-441b-97ed-3f9efc26c64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24156", "type": "seen", "source": "https://t.me/cibsecurity/57466", "content": "\u203c CVE-2023-24156 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:05.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c7a77ce1-5715-441b-97ed-3f9efc26c64b/export"/>
    <published>2023-02-03T18:21:05+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a1b79891-2730-47c4-a528-4cf76dc1df4f/export</id>
    <title>a1b79891-2730-47c4-a528-4cf76dc1df4f</title>
    <updated>2026-07-05T23:46:40.891683+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a1b79891-2730-47c4-a528-4cf76dc1df4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24154", "type": "seen", "source": "https://t.me/cibsecurity/57465", "content": "\u203c CVE-2023-24154 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:04.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a1b79891-2730-47c4-a528-4cf76dc1df4f/export"/>
    <published>2023-02-03T18:21:04+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/10cdfd24-1c61-48c4-989a-636370a555a3/export</id>
    <title>10cdfd24-1c61-48c4-989a-636370a555a3</title>
    <updated>2026-07-05T23:46:40.891787+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "10cdfd24-1c61-48c4-989a-636370a555a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24155", "type": "seen", "source": "https://t.me/cibsecurity/57464", "content": "\u203c CVE-2023-24155 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:03.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/10cdfd24-1c61-48c4-989a-636370a555a3/export"/>
    <published>2023-02-03T18:21:03+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2540fc92-be28-43eb-a267-103c94a3a0f8/export</id>
    <title>2540fc92-be28-43eb-a267-103c94a3a0f8</title>
    <updated>2026-07-05T23:46:40.891881+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2540fc92-be28-43eb-a267-103c94a3a0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24150", "type": "seen", "source": "https://t.me/cibsecurity/57457", "content": "\u203c CVE-2023-24150 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2540fc92-be28-43eb-a267-103c94a3a0f8/export"/>
    <published>2023-02-03T18:20:50+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3accf613-f0ad-4528-8e43-16a912020579/export</id>
    <title>3accf613-f0ad-4528-8e43-16a912020579</title>
    <updated>2026-07-05T23:46:40.891978+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3accf613-f0ad-4528-8e43-16a912020579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24151", "type": "seen", "source": "https://t.me/cibsecurity/57456", "content": "\u203c CVE-2023-24151 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:49.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3accf613-f0ad-4528-8e43-16a912020579/export"/>
    <published>2023-02-03T18:20:49+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/5a93ed3b-2a64-4206-b182-cca8ea2bfcaa/export</id>
    <title>5a93ed3b-2a64-4206-b182-cca8ea2bfcaa</title>
    <updated>2026-07-05T23:46:40.892072+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "5a93ed3b-2a64-4206-b182-cca8ea2bfcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24152", "type": "seen", "source": "https://t.me/cibsecurity/57454", "content": "\u203c CVE-2023-24152 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/5a93ed3b-2a64-4206-b182-cca8ea2bfcaa/export"/>
    <published>2023-02-03T18:20:47+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2917a1d0-bf51-4ec4-bf64-1342a73022a6/export</id>
    <title>2917a1d0-bf51-4ec4-bf64-1342a73022a6</title>
    <updated>2026-07-05T23:46:40.892167+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2917a1d0-bf51-4ec4-bf64-1342a73022a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24153", "type": "seen", "source": "https://t.me/cibsecurity/57452", "content": "\u203c CVE-2023-24153 \u203c\n\nA command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:42.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2917a1d0-bf51-4ec4-bf64-1342a73022a6/export"/>
    <published>2023-02-03T18:20:42+00:00</published>
  </entry>
</feed>
