EUVD-2026-27586

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

EUVD-2025-16738

Malicious code in bioql PyPI...

TOTOLINK A3002RU NAT Mapping Page Component Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the NAT Mapping Page component parameter Comment, for...

The vulnerability of the NAT Mapping configuration of the Virtual Server module in the microprogramming-based router software of TOTOLINK A3002RU allows attackers to carry out cross-site scripting (XSS) attacks.

The vulnerability of the NAT Mapping configuration of the Virtual Server module in the TOTOLINK A3002RU router software lies in the lack of protection for the website structure when processing the Service Type parameter. Exploiting this vulnerability allows an attacker to perform cross-site...

The vulnerability of the NAT Mapping module in TOTOLINK A3002RU software allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the NAT Mapping module in TOTOLINK A3002RU router microprogramming software is related to the lack of measures taken to protect the website structure when processing the Comment parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

The vulnerability of the NAT Mapping configuration of the Virtual Server module in the microprogramming router Totolink X2000R allows attackers to carry out cross-site scripting attacks.

The vulnerability of the NAT Mapping configuration of the Totolink X2000R router software module is related to the lack of protection for the website structure when processing the servicetype parameter. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks...

CVE-2025-5506 TOTOLINK A3002RU NAT Mapping Page cross site scripting

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2025-5506 TOTOLINK A3002RU NAT Mapping Page cross site scripting

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2025-5506

The CVE-2025-5506 entry affects TOTOLINK A3002RU (firmware 2.1.1-B20230720.1011) in the NAT Mapping Page component. The vulnerability stems from manipulation of the Comment parameter, enabling cross-site scripting (XSS). It is exploitable remotely and reportedly had an exploit disclosed publicly....

PT-2025-23633 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 2.1.1-B20230720.1011 Description: A vulnerability was found in the NAT Mapping Page component of the affected software. The issue is related to the manipulation of the Comment argument, which leads to cross-site...

NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Response "BadTunnel" Brute Force Spoof NAT Tunnel', 'Description' = %q This module listens for a NetBIOS name request and then continuous...

New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study...

TP-LINK TL-7DR5130 Security Vulnerability

TP-LINK TL-7DR5130 is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-7DR5130 v1.0.23, which stems from vulnerability to TCP DoS or hijacking attacks, where an attacker can evict the NAT mapping in the router by sending a forged TCP RST message to disconnec...