Current Conditions
São Paulo
nublado

20 ℃
95%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 09:00:02
  1. [USD] USD 69,252.56
  1. [BRL] BRL 360,043.23 [USD] USD 69,252.56 [GBP] GBP 51,544.68 [EUR] EUR 59,695.57
    Price index provided by blockchain.info.
  2. Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
    If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2017-20210] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.

[CVE-2025-7430] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.

[CVE-2025-7632] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.

[CVE-2025-7633] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.

[CVE-2025-41101] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in'/projects/save'.

[CVE-2025-41102] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.

[CVE-2025-41103] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.

[CVE-2025-41104] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.

[CVE-2025-41105] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.

[CVE-2025-41106] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.

[CVE-2024-57695] [Modified: 02-01-2026] [Analyzed] [V3.1 S7.7:HIGH] An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012.

[CVE-2025-10918] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.1:HIGH] Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk

[CVE-2025-12940] [Modified: 08-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.  This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later.

[CVE-2025-12942] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

[CVE-2025-12943] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later

[CVE-2025-12944] [Modified: 08-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in:  DGN2200v4 firmware 1.0.0.132 or later

[CVE-2025-13032] [Modified: 08-12-2025] [Analyzed] [V3.1 S9.9:CRITICAL] Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.

[CVE-2025-20050] [Modified: 26-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

[CVE-2025-20614] [Modified: 26-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

[CVE-2025-23361] [Modified: 19-11-2025] [Analyzed] [V3.1 S7.8:HIGH] NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.