Current Conditions
São Paulo
nuvens quebradas

15 ℃
77%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 08:30:01
  1. [USD] USD 62,566.57
  1. [BRL] BRL 324,926.98 [USD] USD 62,566.57 [GBP] GBP 46,695.62 [EUR] EUR 54,072.10
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

[CVE-2026-2222] [Modified: 29-04-2026] [Analyzed] [V3.1 S2.4:LOW] A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

[CVE-2026-2223] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

[CVE-2026-2224] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

[CVE-2026-23903] [Modified: 11-02-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such as default macOS setup, static files may be accessed by varying the case of the filename in the request. If only lower-case (common default) filters are present in Shiro, they may be bypassed this way. Shiro 2.0.7 and later has a new parameters to remediate this issue shiro.ini: filterChainResolver.caseInsensitive = true application.propertie: shiro.caseInsensitive=true Shiro 3.0.0 and later (upcoming) makes this the default.

[CVE-2026-2226] [Modified: 29-04-2026] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_filename leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2026-22922] [Modified: 11-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

[CVE-2026-24098] [Modified: 11-03-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

[CVE-2026-25846] [Modified: 18-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

[CVE-2026-25847] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.2:HIGH] In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible

[CVE-2026-25848] [Modified: 18-02-2026] [Analyzed] [V3.1 S9.1:CRITICAL] In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

[CVE-2025-59023] [Modified: 20-04-2026] [Analyzed] [V3.1 S8.2:HIGH] Crafted delegations or IP fragments can poison cached delegations in Recursor.

[CVE-2025-59024] [Modified: 20-04-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Crafted delegations or IP fragments can poison cached delegations in Recursor.

[CVE-2026-0398] [Modified: 20-04-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

[CVE-2026-24027] [Modified: 20-04-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Crafted zones can lead to increased incoming network traffic.

[CVE-2026-2240] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.

[CVE-2025-66630] [Modified: 28-02-2026] [Analyzed] [V3.1 S9.4:CRITICAL] Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.

[CVE-2026-2241] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.

[CVE-2026-2242] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.

[CVE-2026-23948] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.

[CVE-2026-24491] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.5:HIGH] FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.