Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2024-56464] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.7:LOW] IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

[CVE-2025-10573] [Modified: 11-12-2025] [Analyzed] [V3.1 S9.6:CRITICAL] Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

[CVE-2025-12381] [Modified: 17-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.

[CVE-2025-12558] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'get_attachment_sizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the path and meta data of private attachments, which can be used to view the attachments.

[CVE-2025-13428] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

[CVE-2025-13659] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

[CVE-2025-13661] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

[CVE-2025-13662] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User interaction is required.

[CVE-2025-14284] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload into these attributes, which is then triggered by user interaction.

[CVE-2025-14286] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-14307] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

[CVE-2025-14308] [Modified: 05-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

[CVE-2025-14322] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.0:HIGH] Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14323] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14328] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14329] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14331] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14332] [Modified: 10-12-2025] [Analyzed] [V3.1 S7.3:HIGH] Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.

[CVE-2025-14345] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.2:MEDIUM] A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact. This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.2 versions prior to 8.2.2.

[CVE-2025-40806] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.