<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 23:46:41 +0000</lastBuildDate>
    <item>
      <title>849ffb11-e861-4fea-8cd6-b7e8af4f4be1</title>
      <link>https://vulnerability.circl.lu/sighting/849ffb11-e861-4fea-8cd6-b7e8af4f4be1/export</link>
      <description>{"uuid": "849ffb11-e861-4fea-8cd6-b7e8af4f4be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8244", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24159\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\ud83d\udccf Published: 2023-02-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T18:07:55.240Z\n\ud83d\udd17 References:\n1. https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admpass/setPasswordCfg_admpass.md", "creation_timestamp": "2025-03-20T18:20:40.000000Z"}</description>
      <content:encoded>{"uuid": "849ffb11-e861-4fea-8cd6-b7e8af4f4be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8244", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-24159\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\ud83d\udccf Published: 2023-02-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T18:07:55.240Z\n\ud83d\udd17 References:\n1. https://github.com/iceyjchen/VulnerabilityProjectRecords/blob/main/setPasswordCfg_admpass/setPasswordCfg_admpass.md", "creation_timestamp": "2025-03-20T18:20:40.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/849ffb11-e861-4fea-8cd6-b7e8af4f4be1/export</guid>
      <pubDate>Thu, 20 Mar 2025 18:20:40 +0000</pubDate>
    </item>
    <item>
      <title>4bf7898e-31cf-4e85-93fa-ff61157be968</title>
      <link>https://vulnerability.circl.lu/sighting/4bf7898e-31cf-4e85-93fa-ff61157be968/export</link>
      <description>{"uuid": "4bf7898e-31cf-4e85-93fa-ff61157be968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2415", "type": "seen", "source": "https://t.me/cibsecurity/64961", "content": "\u203c CVE-2023-2415 \u203c\n\nThe Online Booking &amp;amp; Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T20:09:29.000000Z"}</description>
      <content:encoded>{"uuid": "4bf7898e-31cf-4e85-93fa-ff61157be968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2415", "type": "seen", "source": "https://t.me/cibsecurity/64961", "content": "\u203c CVE-2023-2415 \u203c\n\nThe Online Booking &amp;amp; Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-03T20:09:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4bf7898e-31cf-4e85-93fa-ff61157be968/export</guid>
      <pubDate>Sat, 03 Jun 2023 20:09:29 +0000</pubDate>
    </item>
    <item>
      <title>9aca3ebe-36df-4d41-8e8f-9619ec310603</title>
      <link>https://vulnerability.circl.lu/sighting/9aca3ebe-36df-4d41-8e8f-9619ec310603/export</link>
      <description>{"uuid": "9aca3ebe-36df-4d41-8e8f-9619ec310603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "seen", "source": "https://t.me/cibsecurity/58111", "content": "\u203c CVE-2023-24159 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:41.000000Z"}</description>
      <content:encoded>{"uuid": "9aca3ebe-36df-4d41-8e8f-9619ec310603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24159", "type": "seen", "source": "https://t.me/cibsecurity/58111", "content": "\u203c CVE-2023-24159 \u203c\n\nTOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T18:35:41.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9aca3ebe-36df-4d41-8e8f-9619ec310603/export</guid>
      <pubDate>Tue, 14 Feb 2023 18:35:41 +0000</pubDate>
    </item>
    <item>
      <title>c7a77ce1-5715-441b-97ed-3f9efc26c64b</title>
      <link>https://vulnerability.circl.lu/sighting/c7a77ce1-5715-441b-97ed-3f9efc26c64b/export</link>
      <description>{"uuid": "c7a77ce1-5715-441b-97ed-3f9efc26c64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24156", "type": "seen", "source": "https://t.me/cibsecurity/57466", "content": "\u203c CVE-2023-24156 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:05.000000Z"}</description>
      <content:encoded>{"uuid": "c7a77ce1-5715-441b-97ed-3f9efc26c64b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24156", "type": "seen", "source": "https://t.me/cibsecurity/57466", "content": "\u203c CVE-2023-24156 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c7a77ce1-5715-441b-97ed-3f9efc26c64b/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:21:05 +0000</pubDate>
    </item>
    <item>
      <title>a1b79891-2730-47c4-a528-4cf76dc1df4f</title>
      <link>https://vulnerability.circl.lu/sighting/a1b79891-2730-47c4-a528-4cf76dc1df4f/export</link>
      <description>{"uuid": "a1b79891-2730-47c4-a528-4cf76dc1df4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24154", "type": "seen", "source": "https://t.me/cibsecurity/57465", "content": "\u203c CVE-2023-24154 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:04.000000Z"}</description>
      <content:encoded>{"uuid": "a1b79891-2730-47c4-a528-4cf76dc1df4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24154", "type": "seen", "source": "https://t.me/cibsecurity/57465", "content": "\u203c CVE-2023-24154 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a1b79891-2730-47c4-a528-4cf76dc1df4f/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:21:04 +0000</pubDate>
    </item>
    <item>
      <title>10cdfd24-1c61-48c4-989a-636370a555a3</title>
      <link>https://vulnerability.circl.lu/sighting/10cdfd24-1c61-48c4-989a-636370a555a3/export</link>
      <description>{"uuid": "10cdfd24-1c61-48c4-989a-636370a555a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24155", "type": "seen", "source": "https://t.me/cibsecurity/57464", "content": "\u203c CVE-2023-24155 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:03.000000Z"}</description>
      <content:encoded>{"uuid": "10cdfd24-1c61-48c4-989a-636370a555a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24155", "type": "seen", "source": "https://t.me/cibsecurity/57464", "content": "\u203c CVE-2023-24155 \u203c\n\nTOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:21:03.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/10cdfd24-1c61-48c4-989a-636370a555a3/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:21:03 +0000</pubDate>
    </item>
    <item>
      <title>2540fc92-be28-43eb-a267-103c94a3a0f8</title>
      <link>https://vulnerability.circl.lu/sighting/2540fc92-be28-43eb-a267-103c94a3a0f8/export</link>
      <description>{"uuid": "2540fc92-be28-43eb-a267-103c94a3a0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24150", "type": "seen", "source": "https://t.me/cibsecurity/57457", "content": "\u203c CVE-2023-24150 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:50.000000Z"}</description>
      <content:encoded>{"uuid": "2540fc92-be28-43eb-a267-103c94a3a0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24150", "type": "seen", "source": "https://t.me/cibsecurity/57457", "content": "\u203c CVE-2023-24150 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2540fc92-be28-43eb-a267-103c94a3a0f8/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:20:50 +0000</pubDate>
    </item>
    <item>
      <title>3accf613-f0ad-4528-8e43-16a912020579</title>
      <link>https://vulnerability.circl.lu/sighting/3accf613-f0ad-4528-8e43-16a912020579/export</link>
      <description>{"uuid": "3accf613-f0ad-4528-8e43-16a912020579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24151", "type": "seen", "source": "https://t.me/cibsecurity/57456", "content": "\u203c CVE-2023-24151 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:49.000000Z"}</description>
      <content:encoded>{"uuid": "3accf613-f0ad-4528-8e43-16a912020579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24151", "type": "seen", "source": "https://t.me/cibsecurity/57456", "content": "\u203c CVE-2023-24151 \u203c\n\nA command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:49.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3accf613-f0ad-4528-8e43-16a912020579/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:20:49 +0000</pubDate>
    </item>
    <item>
      <title>5a93ed3b-2a64-4206-b182-cca8ea2bfcaa</title>
      <link>https://vulnerability.circl.lu/sighting/5a93ed3b-2a64-4206-b182-cca8ea2bfcaa/export</link>
      <description>{"uuid": "5a93ed3b-2a64-4206-b182-cca8ea2bfcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24152", "type": "seen", "source": "https://t.me/cibsecurity/57454", "content": "\u203c CVE-2023-24152 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:47.000000Z"}</description>
      <content:encoded>{"uuid": "5a93ed3b-2a64-4206-b182-cca8ea2bfcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24152", "type": "seen", "source": "https://t.me/cibsecurity/57454", "content": "\u203c CVE-2023-24152 \u203c\n\nA command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:47.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5a93ed3b-2a64-4206-b182-cca8ea2bfcaa/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:20:47 +0000</pubDate>
    </item>
    <item>
      <title>2917a1d0-bf51-4ec4-bf64-1342a73022a6</title>
      <link>https://vulnerability.circl.lu/sighting/2917a1d0-bf51-4ec4-bf64-1342a73022a6/export</link>
      <description>{"uuid": "2917a1d0-bf51-4ec4-bf64-1342a73022a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24153", "type": "seen", "source": "https://t.me/cibsecurity/57452", "content": "\u203c CVE-2023-24153 \u203c\n\nA command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:42.000000Z"}</description>
      <content:encoded>{"uuid": "2917a1d0-bf51-4ec4-bf64-1342a73022a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-24153", "type": "seen", "source": "https://t.me/cibsecurity/57452", "content": "\u203c CVE-2023-24153 \u203c\n\nA command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:42.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2917a1d0-bf51-4ec4-bf64-1342a73022a6/export</guid>
      <pubDate>Fri, 03 Feb 2023 18:20:42 +0000</pubDate>
    </item>
  </channel>
</rss>
