fweno.onefour.com.br

Current Conditions
São Paulo
nublado

20 ℃
91%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 17:30:01
  1. [USD] USD 87,920.83
  1. [BRL] BRL 486,483.47 [USD] USD 87,920.83 [GBP] GBP 65,673.26 [EUR] EUR 75,018.10
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 17:34:10 up 91 days, 2:05, 8 users, load average: 0.00, 0.00, 0.00

Google News

[19/12/2025 13:01] Sóstenes Cavalcante diz ser alvo de perseguição e que dinheiro vivo é de venda de imóvel - Folha de S.Paulo

[19/12/2025 12:48] Votação do Orçamento de 2026 é adiada para a tarde - Portal da Câmara dos Deputados

[19/12/2025 12:17] Lançamento de foguete no CLA será transmitido ao vivo - fab.mil.br

[19/12/2025 11:04] Quem assume os mandatos de Eduardo Bolsonaro e Alexandre Ramagem, cassados pela Mesa da Câmara? - O Globo

[19/12/2025 10:02] IBGE: 25 municípios concentram mais de um terço do PIB brasileiro - Agência Brasil

[19/12/2025 14:47] Moraes nega recurso de Bolsonaro contra condenação por trama golpista - Agência Brasil

[19/12/2025 11:10] Adeus, prazos: Chegada do recesso forense vira meme nas redes sociais - Migalhas

[18/12/2025 15:32] PL da Dosimetria: Lula diz que vetará projeto de redução de penas que beneficia Bolsonaro - BBC

[18/12/2025 19:39] STF reconhece racismo estrutural e manda governo criar plano de combate - CNN Brasil

[19/12/2025 09:01] Trump diz que não descarta guerra com a Venezuela, durante entrevista - CNN Brasil

NVD Feed

[CVE-2025-43755] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScript into the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_type parameter.

[CVE-2025-43756] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] <!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}-->A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via snippet parameter.

[CVE-2025-55521] [Modified: 10-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.

[CVE-2025-55522] [Modified: 10-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.

[CVE-2025-57761] [Modified: 22-08-2025] [Analyzed] [V3.1 S8.8:HIGH] WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.4.10.

[CVE-2025-57762] [Modified: 22-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7.

[CVE-2025-57763] [Modified: 22-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed in 3.4.7.

[CVE-2025-57764] [Modified: 22-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.4.7.

[CVE-2025-57765] [Modified: 22-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.4.7.

[CVE-2025-6465] [Modified: 02-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.

[CVE-2025-8402] [Modified: 01-10-2025] [Analyzed] [V3.1 S4.9:MEDIUM] Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.

[CVE-2025-9309] [Modified: 25-08-2025] [Analyzed] [V3.1 S2.5:LOW] A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.

[CVE-2025-9310] [Modified: 12-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

[CVE-2025-9311] [Modified: 22-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

[CVE-2025-43754] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.

[CVE-2025-7051] [Modified: 08-09-2025] [Analyzed] [V3.1 S8.3:HIGH] On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.

[CVE-2025-38742] [Modified: 10-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

[CVE-2025-38743] [Modified: 03-09-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

[CVE-2010-20121] [Modified: 10-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

[CVE-2025-53763] [Modified: 25-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap