[CVE-2025-11996] [Modified: 22-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fui_delete_image() and fui_delete_all_images() functions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site's attachments.

[CVE-2025-12019] [Modified: 22-12-2025] [Analyzed] [V3.1 S4.4:MEDIUM] The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

[CVE-2025-4645] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5452] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.6:MEDIUM] A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5454] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.4:MEDIUM] An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5718] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.8:MEDIUM] The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-6298] [Modified: 21-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-6779] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-8108] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5317] [Modified: 08-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.

[CVE-2025-7429] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.

[CVE-2017-20210] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.

[CVE-2025-7430] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.

[CVE-2025-7632] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.

[CVE-2025-7633] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.

[CVE-2025-41101] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/projects/save'.

[CVE-2025-41102] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.

[CVE-2025-41103] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.

[CVE-2025-41104] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.

[CVE-2025-41105] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.