Bitcoin Core version 30.2 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-10996] [Modified: 29-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used.

[CVE-2025-10997] [Modified: 29-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.

[CVE-2025-10998] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used.

[CVE-2025-10999] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public and could be used.

[CVE-2025-11000] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-35027] [Modified: 12-01-2026] [Analyzed] [V3.1 S7.3:HIGH] Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.

[CVE-2025-1396] [Modified: 06-10-2025] [Analyzed] [V3.1 S3.7:LOW] A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validate_username setting. This behavior allows malicious actors to determine which usernames exist in the system based on observable discrepancies in the application's responses. Exploitation of this vulnerability could aid in brute-force attacks, targeted phishing campaigns, or other social engineering techniques by confirming the validity of user identifiers within the system.

[CVE-2025-10858] [Modified: 29-09-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.

[CVE-2025-10867] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.5:LOW] An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.

[CVE-2025-10871] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.8:LOW] An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.

[CVE-2025-1862] [Modified: 06-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.

[CVE-2025-7691] [Modified: 29-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.

[CVE-2025-9642] [Modified: 29-09-2025] [Analyzed] [V3.1 S8.7:HIGH] An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.

[CVE-2025-10868] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.5:LOW] An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.

[CVE-2025-11042] [Modified: 29-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries.

[CVE-2025-5069] [Modified: 29-09-2025] [Analyzed] [V3.1 S3.5:LOW] An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.

[CVE-2025-11011] [Modified: 16-10-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.

[CVE-2025-11012] [Modified: 16-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.

[CVE-2025-11013] [Modified: 16-10-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit is publicly available and might be used.

[CVE-2025-11014] [Modified: 16-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be exploited.