Whalers Blog

CVE ID : CVE-2025-6627 Published : June 25, 2025, 7:15 p.m. | 14 hours, 25 minutes ago Description : A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…

CVE ID : CVE-2025-6445 Published : June 25, 2025, 6:15 p.m. | 15 hours, 25 minutes ago Description : ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending…

CVE ID : CVE-2025-5830 Published : June 25, 2025, 6:15 p.m. | 15 hours, 25 minutes ago Description : Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to…

CVE ID : CVE-2025-5827 Published : June 25, 2025, 6:15 p.m. | 15 hours, 25 minutes ago Description : Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to…

CVE ID : CVE-2025-6617 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated…

CVE ID : CVE-2025-6616 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be…

CVE ID : CVE-2025-5015 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one. Severity: 8.8 | HIGH Visit the link for more details, such…

CVE ID : CVE-2025-52890 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can…

CVE ID : CVE-2025-49153 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source

CVE ID : CVE-2025-49151 Published : June 25, 2025, 5:15 p.m. | 16 hours, 25 minutes ago Description : MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to…