Current Conditions
São Paulo
nublado

19 ℃
90%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 13:00:02
  1. [USD] USD 62,387.44
  1. [BRL] BRL 324,489.54 [USD] USD 62,387.44 [GBP] GBP 47,303.09 [EUR] EUR 54,816.41
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

[CVE-2026-2983] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

[CVE-2026-2984] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and might be used.

[CVE-2025-69700] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.

[CVE-2026-21420] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.3:HIGH] Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

[CVE-2025-70044] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.

[CVE-2025-70045] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.4:HIGH] An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true

[CVE-2025-70058] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.4:HIGH] An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

[CVE-2026-2697] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.3:MEDIUM] An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.

[CVE-2026-3015] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2026-3016] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

[CVE-2026-22567] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.6:HIGH] Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.

[CVE-2026-22568] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.

[CVE-2026-27511] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes.

[CVE-2026-27512] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface.

[CVE-2026-27513] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes.

[CVE-2026-27514] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appropriate Cache-Control directives, which can allow the response to be stored in client-side caches and recovered by other local users or processes with access to cached browser data.

[CVE-2026-2698] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.

[CVE-2025-61146] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.0:MEDIUM] saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.

[CVE-2025-61147] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.2:MEDIUM] strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

[CVE-2025-63945] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.4:HIGH] A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.