fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

29 ℃
53%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 09:30:01
  1. [USD] USD 88,635.10
  1. [BRL] BRL 492,846.64 [USD] USD 88,635.10 [GBP] GBP 65,696.78 [EUR] EUR 75,270.79
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 09:38:35 up 97 days, 18:09, 8 users, load average: 0.04, 0.02, 0.00

Google News

[25/12/2025 20:05] SP tem recorde de calor; Inmet alerta para altas temperaturas no país - Correio Braziliense

[25/12/2025 22:36] Milei reposta publicação de Flávio sobre a carta de Bolsonaro - Poder360

[25/12/2025 14:48] Cirurgia de Bolsonaro: três pontos sobre oitava cirurgia de ex-presidente desde facada - BBC

[25/12/2025 17:42] Acareação no STF deve mirar atuação do Banco Central na liquidação do Master - O Globo

[25/12/2025 20:43] Excesso de calor atinge 22 cidades do Rio durante feriado de Natal - G1

[25/12/2025 16:48] Lula quer expulsão de servidor que agrediu mulher e criança no DF - Agência Brasil

[26/12/2025 08:28] Com calor recorde em SP, moradores sofrem com a falta de água - UOL Notícias

[25/12/2025 10:47] Morte após 25 dias internada: relembre caso de jovem arrastada na Marginal - CNN Brasil

[25/12/2025 05:03] Previsão para os próximos 5 dias (25/12) - Secretaria de Estado da Proteção e Defesa Civil

[25/12/2025 20:52] Trump anuncia ataques dos EUA contra militantes do Estado Islâmico na Nigéria - Jovem Pan

NVD Feed

[CVE-2025-54540] [Modified: 08-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-54541] [Modified: 08-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-54542] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.5:MEDIUM] QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-54543] [Modified: 08-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-54544] [Modified: 08-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-55175] [Modified: 08-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-58123] [Modified: 23-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.

[CVE-2025-58124] [Modified: 23-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.

[CVE-2025-58125] [Modified: 23-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic.

[CVE-2025-58126] [Modified: 23-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic.

[CVE-2025-58127] [Modified: 23-09-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.

[CVE-2024-49790] [Modified: 26-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-51967] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser.

[CVE-2025-51968] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.

[CVE-2025-51969] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.

[CVE-2025-51971] [Modified: 09-09-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code.

[CVE-2025-51972] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.

[CVE-2025-52054] [Modified: 09-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device.

[CVE-2025-55583] [Modified: 09-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.

[CVE-2025-56236] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap