Current Conditions
São Paulo
nublado

18 ℃
81%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 17:00:02
  1. [USD] USD 65,352.40
  1. [BRL] BRL 332,414.99 [USD] USD 65,352.40 [GBP] GBP 48,701.00 [EUR] EUR 56,348.15
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

[CVE-2020-37103] [Modified: 09-02-2026] [Analyzed] [V3.1 S6.4:MEDIUM] DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially bypassing CSRF protections and performing more damaging attacks.

[CVE-2020-37110] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.2:HIGH] 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.

[CVE-2020-37111] [Modified: 18-02-2026] [Analyzed] [V3.1 S6.1:MEDIUM] 60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.

[CVE-2020-37112] [Modified: 12-02-2026] [Analyzed] [V3.1 S7.1:HIGH] GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.

[CVE-2020-37113] [Modified: 12-02-2026] [Analyzed] [V3.1 S8.8:HIGH] GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

[CVE-2020-37114] [Modified: 10-02-2026] [Analyzed] [V3.1 S4.3:MEDIUM] GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

[CVE-2020-37115] [Modified: 10-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

[CVE-2020-37116] [Modified: 10-02-2026] [Analyzed] [V3.1 S8.8:HIGH] GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.

[CVE-2025-46651] [Modified: 10-02-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain name. This may lead to unauthorized port scanning or access to internal-only services.

[CVE-2025-52626] [Modified: 25-04-2026] [Analyzed] [V3.1 S4.5:MEDIUM] A Potential Command Injection vulnerability in HCL AION.  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0

[CVE-2025-52627] [Modified: 25-04-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

[CVE-2025-52629] [Modified: 27-04-2026] [Analyzed] [V3.1 S3.7:LOW] HCL AION is susceptible to Missing Content-Security-Policy.  An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.

[CVE-2025-57529] [Modified: 10-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access

[CVE-2025-58340] [Modified: 05-02-2026] [Analyzed] [V3.1 S6.2:MEDIUM] An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion.

[CVE-2025-58341] [Modified: 05-02-2026] [Analyzed] [V3.1 S6.2:MEDIUM] An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion.

[CVE-2025-58342] [Modified: 05-02-2026] [Analyzed] [V3.1 S6.2:MEDIUM] An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion.

[CVE-2025-58344] [Modified: 05-02-2026] [Analyzed] [V3.1 S6.2:MEDIUM] An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion.

[CVE-2025-59439] [Modified: 05-02-2026] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions.

[CVE-2025-60865] [Modified: 10-02-2026] [Analyzed] [V3.1 S7.8:HIGH] Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.

[CVE-2025-61506] [Modified: 11-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.