Aggregator

A vulnerability classified as problematic has been found in Docker CLI and Compose on Windows. This impacts an unknown function of the file docker-compose.exe. Performing a manipulation results in uncontrolled search path. This vulnerability was named CVE-2025-15558. The attack needs to be approached locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Dell Device Management Agent up to 26.1. This impacts an unknown function. Such manipulation leads to improper check for unusual conditions. This vulnerability is traded as CVE-2026-22760. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Nil Hardware Editor Hardware Read & Write Utility up to 1.25.11.26. It has been classified as critical. This issue affects some unknown processing in the library HwRwDrv.sys. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2025-66678. The attack must originate from the local network. There is no exploit available.

A vulnerability described as critical has been identified in vran-dev databaseir up to 1.0.7. Affected by this vulnerability is an unknown functionality of the component Search API Endpoint. Executing a manipulation of the argument Query can lead to sql injection. This vulnerability is handled as CVE-2025-66944. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in SRK Powertech Pebble Prism Ultra 2.9.2. The impacted element is an unknown function of the component OTA Service. This manipulation causes improper authentication. This vulnerability is handled as CVE-2025-69969. The attack can only be done within the local network. There is not any exploit available.

A vulnerability has been found in Brocade ASCG 3.4.0 and classified as critical. This affects an unknown function. This manipulation causes authentication bypass by primary weakness. This vulnerability is handled as CVE-2026-0869. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical was found in D-Link DIR-513 1.10. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPortTr. Such manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability is documented as CVE-2025-70237. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DIR-513 1.10. Affected by this issue is some unknown functionality of the file /goform/formSetWANType_Wizard5. Performing a manipulation of the argument curTime results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-70241. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in International Datacasting Corporation SFX SuperFlex SatelliteReceiver Web Management Interface 101 and classified as critical. Affected is an unknown function. Executing a manipulation of the argument flags can lead to os command injection. This vulnerability appears as CVE-2026-28774. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in International Datacasting Corporation SFX SuperFlex Satellite Receiver Web management interface up to 100. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /IDC_Logging/checkifdone.cgi of the component Backup Endpoint. The manipulation of the argument File leads to path traversal. This vulnerability is traded as CVE-2026-28769. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in International Datacasting Corporation SFX2100 SuperFlex SatelliteReceiver. It has been declared as very critical. Affected by this issue is some unknown functionality of the component SNMP Service. The manipulation results in insecure default initialization of resource. This vulnerability is known as CVE-2026-28775. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, was found in International Datacasting Corporation SFX SuperFlex SatelliteReceiver Web Management Interface 101. Affected by this vulnerability is an unknown functionality of the file /IDC_Logging/index.cgi. Executing a manipulation of the argument submitType can lead to cross site scripting. This vulnerability is registered as CVE-2026-28772. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in International Datacasting Corporation SFX SuperFlex Satellite Receiver Web Management Interface 101 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.cgi of the component Web Management Interface. The manipulation of the argument cat leads to cross site scripting. This vulnerability is documented as CVE-2026-28771. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in International Datacasting Corporation SFX SuperFlex Satellite Receiver Web management interface 101 and classified as critical. This affects an unknown part of the file /IDC_Logging/checkifdone.cgi. The manipulation of the argument File results in xml injection. This vulnerability is reported as CVE-2026-28770. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Apache ActiveMQ. It has been classified as problematic. This issue affects some unknown processing of the component MQTT Control Packet Handler. The manipulation leads to integer overflow. This vulnerability is referenced as CVE-2025-66168. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in International Datacasting Corporation SFX SuperFlex SatelliteReceiver Web Management Interface 101 and classified as critical. This impacts an unknown function of the file /IDC_Ping/main.cgi. Performing a manipulation of the argument IPaddr results in os command injection. This vulnerability is reported as CVE-2026-28773. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in grahampugh erase-install up to 40.4. It has been declared as problematic. Affected is an unknown function of the file /var/tmp/dialog.json. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-70342. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to implement a patch to correct this issue.

本周，互联网网络安全态势整体评价为良。

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户的要求是直接写描述，不需要开头语。 首先，我看看文章的主要内容。文章讲的是苹果最新的MacBook Neo固态硬盘速度较慢，只有PCIe 3.0级别，比之前的M1 MacBook Air慢50%。测试数据显示读写速度分别是1735MB/s和1684MB/s，而MacBook Pro M5 Max的读写速度高达13600MB/s和17800MB/s。不过，Neo定位学习和轻量办公，价格便宜，可能在性能上有所妥协。 接下来，我需要提取关键点：MacBook Neo的SSD速度低、比旧款慢、定位入门级、价格低。这些信息要简洁明了地表达出来。 然后，我要确保总结在100字以内，并且直接描述内容。避免使用“文章总结”这样的开头。 最后，检查语言是否流畅自然，没有语法错误。 苹果最新推出的MacBook Neo固态硬盘读写速度仅为PCIe 3.0级别，比2020年发布的M1版MacBook Air慢50%，但其定位为学习和轻量办公，价格低廉。

奇安信威胁情报中心红雨滴团队私有情报系统监测到大量仿冒OpenClaw的安装站点正在借机投毒。在一众常见的木马中，我们发现一个“另类”——它携带着俄语调试字符串，投递的是一款前所未见的恶意软件。因其调试字符串，我们将其命名为 “Anti-bot”。