Current Conditions
São Paulo
nuvens quebradas

20 ℃
76%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 12:00:02
  1. [USD] USD 66,598.64
  1. [BRL] BRL 353,239.18 [USD] USD 66,598.64 [GBP] GBP 50,094.10 [EUR] EUR 57,531.37
    Price index provided by blockchain.info.
  2. Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
    If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2024-51317] [Modified: 05-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function

[CVE-2025-29699] [Modified: 05-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.

[CVE-2025-45663] [Modified: 05-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.

[CVE-2025-63442] [Modified: 05-11-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser

[CVE-2025-63443] [Modified: 03-02-2026] [Analyzed] [V3.1 S5.4:MEDIUM] School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.

[CVE-2025-11761] [Modified: 21-01-2026] [Analyzed] [V3.1 S7.8:HIGH] A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.

[CVE-2025-36091] [Modified: 05-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

[CVE-2025-36092] [Modified: 05-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.

[CVE-2025-36093] [Modified: 05-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

[CVE-2025-60503] [Modified: 03-02-2026] [Analyzed] [V3.1 S8.7:HIGH] A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.

[CVE-2025-60785] [Modified: 04-02-2026] [Analyzed] [V3.1 S8.8:HIGH] A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.

[CVE-2025-63446] [Modified: 10-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.

[CVE-2025-63447] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.

[CVE-2025-63448] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.

[CVE-2025-63449] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.

[CVE-2025-63450] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.

[CVE-2025-63451] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.

[CVE-2025-63452] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.4:CRITICAL] Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.

[CVE-2025-63453] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.

[CVE-2025-10280] [Modified: 12-11-2025] [Analyzed] [V3.1 S7.1:HIGH] IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).