Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
This issue is considered Low severity.

Details

Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.
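The bug class the Details paragraph describes, shown as an added illustration that is not Bitcoin Core's own code: a size range check whose addition wraps in 32-bit arithmetic, the same check with the wrap detected and rejected, and a platform-dependent clamp of a -maxmempool-style setting in the spirit of the mitigation the disclosure names. The framing overhead, the 1 GiB ceiling, the 500 MB cap for 32-bit builds and the function names are all constructed for the example; the disclosure does not state which arithmetic overflowed or what cap was chosen.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for the illustration; none is Bitcoin Core's real value. */
#define MIB             (1024ULL * 1024ULL)
#define FRAME_OVERHEAD  8u                       /* hypothetical on-disk framing per block */
#define MAX_ON_DISK     (1024u * 1024u * 1024u)  /* hypothetical 1 GiB ceiling */
#define CAP_32BIT_MB    500ULL                   /* hypothetical -maxmempool cap for 32-bit builds */

/* Bug class: the check adds framing to the untrusted size in 32-bit arithmetic.
 * Near the top of the 32-bit range the sum wraps to a small number, the wrapped
 * value satisfies the ceiling, and an oversized block is accepted. uint32_t is
 * used explicitly so the wrap reproduces on a 64-bit host as well. */
bool on_disk_size_ok_wrapping(uint32_t block_size) {
    uint32_t total = block_size + FRAME_OVERHEAD;   /* silent wrap-around */
    return total <= MAX_ON_DISK;
}

/* Hardened form: detect that the sum would wrap before computing it, and reject. */
bool on_disk_size_ok_checked(uint32_t block_size) {
    if (block_size > UINT32_MAX - FRAME_OVERHEAD) return false;  /* sum would wrap */
    return block_size + FRAME_OVERHEAD <= MAX_ON_DISK;
}

/* Mitigation pattern: clamp a memory-sizing option on 32-bit builds so the
 * byte count stays well below the 4 GiB address space of a 32-bit process.
 * pointer_width_bytes is a parameter (rather than sizeof(void *)) so both
 * platforms can be exercised on one host; the result is returned in a
 * 64-bit type so the byte count itself cannot wrap. */
uint64_t effective_max_mempool_bytes(uint64_t requested_mb, size_t pointer_width_bytes) {
    uint64_t mb = requested_mb;
    if (pointer_width_bytes < 8 && mb > CAP_32BIT_MB) mb = CAP_32BIT_MB;
    return mb * MIB;
}

int main(void) {
    uint32_t huge = UINT32_MAX - 4;  /* just under 4 GiB: adding framing crosses 2^32 */
    printf("wrapping check accepts %u: %d\n", huge, on_disk_size_ok_wrapping(huge));
    printf("checked check accepts %u:  %d\n", huge, on_disk_size_ok_checked(huge));
    printf("32-bit build, -maxmempool=3500 -> %llu MiB\n",
           (unsigned long long)(effective_max_mempool_bytes(3500, 4) / MIB));
    printf("64-bit build, -maxmempool=3500 -> %llu MiB\n",
           (unsigned long long)(effective_max_mempool_bytes(3500, 8) / MIB));
    return 0;
}
```

The point of the clamp is the one the disclosure makes: if a setting can never legitimately reach the values at which a size computation wraps, the overflow becomes unreachable even before the check itself is corrected, which is why capping -maxmempool on 32-bit systems could serve as a covert mitigation.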

Attribution

Pieter Wuille discovered this bug and disclosed it responsibly.
Antoine Poinsot proposed and implemented a covert mitigation.

Timeline

• 2025-04-24 - Pieter Wuille reports the issue
• 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
• 2025-06-26 - PR #32530 is merged into master
• 2025-09-04 - Version 29.1 is released with the fix
• 2025-10-10 - Version 30.0 is released with the fix
• 2025-10-24 - Public Disclosure

[CVE-2025-58179] [Modified: 22-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served. A bug in impacted versions of the @astrojs/cloudflare adapter for deployment on Cloudflare's infrastructure allows an attacker to bypass the third-party domain restrictions and serve any content from the vulnerable origin. This issue is fixed in version 12.6.6.

[CVE-2025-58352] [Modified: 18-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

[CVE-2025-58362] [Modified: 17-09-2025] [Analyzed] [V3.1 S7.5:HIGH] Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs (e.g. Nginx location blocks). The original implementation relied on fixed character offsets when parsing request URLs. Under certain malformed absolute-form Request-URIs, this could lead to incorrect path extraction depending on the application and environment. If proxy ACLs are used to protect sensitive endpoints such as /admin, this flaw could have allowed unauthorized access. The confidentiality impact depends on what data is exposed: if sensitive administrative data is exposed, the impact may be high, otherwise it may be moderate. This issue is fixed in version 4.9.6.

[CVE-2025-58276] [Modified: 11-09-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.

[CVE-2025-58280] [Modified: 11-09-2025] [Analyzed] [V3.1 S8.4:HIGH] Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability.

[CVE-2025-58281] [Modified: 11-09-2025] [Analyzed] [V3.1 S8.4:HIGH] Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability.

[CVE-2025-58296] [Modified: 11-09-2025] [Analyzed] [V3.1 S7.5:HIGH] Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability.

[CVE-2025-58313] [Modified: 11-09-2025] [Analyzed] [V3.1 S5.1:MEDIUM] Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module.

[CVE-2025-10011] [Modified: 26-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. Manipulation of the argument ID causes SQL injection. Remote exploitation is possible. The exploit has been made available to the public and could be exploited.

[CVE-2025-10012] [Modified: 08-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Manipulation of the argument ref_cod_aluno leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-10013] [Modified: 08-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Manipulation results in improper access controls. The attack can be carried out remotely. The exploit is now public and may be used.

[CVE-2024-0028] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.5:MEDIUM] In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-26434] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.5:MEDIUM] In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-26461] [Modified: 08-09-2025] [Analyzed] [V3.1 S3.3:LOW] In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-32316] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.5:MEDIUM] In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-32317] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.5:MEDIUM] In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-32318] [Modified: 08-09-2025] [Analyzed] [V3.1 S8.8:HIGH] In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-32320] [Modified: 08-09-2025] [Analyzed] [V3.1 S7.8:HIGH] In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-10014] [Modified: 31-10-2025] [Analyzed] [V3.1 S3.1:LOW] A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been published and may be used. It is required to know the RSA-encrypted password of the attacked user account.

[CVE-2025-30198] [Modified: 23-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.