fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

29 ℃
43%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 17:00:02
  1. [USD] USD 84,129.28
  1. [BRL] BRL 454,323.33 [USD] USD 84,129.28 [GBP] GBP 64,188.45 [EUR] EUR 73,051.55
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 17:19:47 up 63 days, 1:51, 4 users, load average: 0.03, 0.01, 0.00

Google News

[21/11/2025 13:54] STF decreta prisão de Alexandre Ramagem após saída clandestina do país - Correio Braziliense

[21/11/2025 13:44] Mais de 30 países ameaçam bloquear projeto de acordo do Brasil na COP - Poder360

[21/11/2025 10:53] Incêndio na COP30 vira meme nas redes sociais - Revista Oeste

[21/11/2025 11:18] Brasil não merece Messias por 30 anos no STF! - Gazeta do Povo

[21/11/2025 13:07] Eduardo Bolsonaro fala sobre retirada de tarifa contra Brasil e alfineta Moraes: "Crise" - NSC Total

[21/11/2025 11:24] Motta acusa Haddad de divulgar ‘narrativa falsa’ sobre o PL Antifacção - CartaCapital

[21/11/2025 15:50] Veja quais doenças embasam pedido para Bolsonaro cumprir pena da trama golpista em casa - R7

[21/11/2025 12:17] Saiba qual o valor da fiança que falso major do Exército vai pagar para deixar a cadeia - O TEMPO

[21/11/2025 11:56] Lula autoriza desapropriação de imóveis rurais em 14 Estados - Revista Oeste

[21/11/2025 11:59] Entenda plano de 28 pontos de Trump para paz entre Rússia e Ucrânia - CNN Brasil

NVD Feed

[CVE-2025-45702] [Modified: 10-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.

[CVE-2025-8115] [Modified: 28-07-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-31952] [Modified: 10-10-2025] [Analyzed] [V3.1 S7.1:HIGH] HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.

[CVE-2025-31953] [Modified: 10-10-2025] [Analyzed] [V3.1 S7.1:HIGH] HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.

[CVE-2025-31955] [Modified: 10-10-2025] [Analyzed] [V3.1 S7.6:HIGH] HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.

[CVE-2025-8123] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-22165] [Modified: 30-07-2025] [Analyzed] [V3.1 S7.3:HIGH] This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.  Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives . You can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives . This vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE).

[CVE-2025-32429] [Modified: 03-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.

[CVE-2025-3614] [Modified: 28-07-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2025-54379] [Modified: 10-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

[CVE-2025-0249] [Modified: 09-10-2025] [Analyzed] [V3.1 S3.3:LOW] HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.

[CVE-2025-0250] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.2:LOW] HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.

[CVE-2025-8124] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-0251] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.6:LOW] HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.

[CVE-2025-0252] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.6:LOW] HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.

[CVE-2025-0253] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.0:LOW] HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.

[CVE-2025-8125] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2019-25224] [Modified: 11-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.

[CVE-2025-8126] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8127] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. This vulnerability affects unknown code of the file /system/user/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap