Current Conditions
São Paulo
nublado

15 ℃
83%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 23:30:02
  1. [USD] USD 61,419.05
  1. [BRL] BRL 318,875.41 [USD] USD 61,419.05 [GBP] GBP 45,910.74 [EUR] EUR 53,218.38
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

[CVE-2025-15318] [Modified: 09-03-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.

[CVE-2025-15319] [Modified: 09-03-2026] [Analyzed] [V3.1 S7.8:HIGH] Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.

[CVE-2026-25893] [Modified: 13-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has been patched in FUXA version 1.2.10.

[CVE-2026-25894] [Modified: 13-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.

[CVE-2026-25895] [Modified: 13-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

[CVE-2026-25934] [Modified: 20-02-2026] [Analyzed] [V3.1 S4.3:MEDIUM] go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.

[CVE-2026-25938] [Modified: 13-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11.

[CVE-2026-25939] [Modified: 13-02-2026] [Analyzed] [V3.1 S9.1:CRITICAL] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This has been patched in FUXA version 1.2.11.

[CVE-2026-25951] [Modified: 13-02-2026] [Analyzed] [V3.1 S7.2:HIGH] FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.

[CVE-2026-25957] [Modified: 24-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

[CVE-2026-25958] [Modified: 19-02-2026] [Analyzed] [V3.1 S7.7:HIGH] Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

[CVE-2025-15310] [Modified: 24-02-2026] [Analyzed] [V3.1 S7.8:HIGH] Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.

[CVE-2025-15313] [Modified: 24-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.

[CVE-2025-15314] [Modified: 20-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.

[CVE-2026-2258] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.3:LOW] A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.

[CVE-2026-0484] [Modified: 17-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

[CVE-2026-0485] [Modified: 17-02-2026] [Analyzed] [V3.1 S7.5:HIGH] SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

[CVE-2026-0486] [Modified: 17-02-2026] [Analyzed] [V3.1 S5.0:MEDIUM] In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

[CVE-2026-0488] [Modified: 17-02-2026] [Analyzed] [V3.1 S9.9:CRITICAL] An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.

[CVE-2026-0490] [Modified: 17-02-2026] [Analyzed] [V3.1 S7.5:HIGH] SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity.