CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

BIT-NGINX-GATEWAY-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

EUVD-2004-0524

Malware in sbrugna...

EUVD-2005-2805

Malware in sbrugna...

EUVD-2020-27077

Malware in sbrugna...

EUVD-2025-16754

Malicious code in bioql PyPI...

EUVD-2025-12410

Malicious code in bioql PyPI...

CLSA-2025-1752516250 nginx: Fix of CVE-2025-23419

CVE-2025-23419: fix issue allowing session resumption to bypass client certificate authentication when multiple server blocks share same IP/port...

TOTOLINK A3002RU IP Port Filtering Page Component Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the IP Port Filtering Page component parameter Comment,...

CVE-2025-5508 TOTOLINK A3002RU IP Port Filtering Page cross site scripting

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...

CVE-2025-5508 TOTOLINK A3002RU IP Port Filtering Page cross site scripting

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...

PT-2025-23638 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 2.1.1-B20230720.1011 Description: The issue is related to the IP/Port Filtering module of the TOTOLINK A3002RU router's firmware, where the Comment parameter is not properly protected, leading to cross-site scripting...

CVE-2024-32334

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in IP/Port Filtering under the Firewall Page...

CVE-2024-28402

TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting XSS vulnerability in IP/Port Filtering under the Firewall Page...

CVE-2022-36464

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules...

CVE-2025-2410

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2020-5923

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses...

CVE-2025-45787

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules...

TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...