fweno.onefour.com.br

Current Conditions
São Paulo
chuva moderada

18 ℃
96%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 02:00:01
  1. [USD] USD 86,672.85
  1. [BRL] BRL 468,198.00 [USD] USD 86,672.85 [GBP] GBP 66,157.82 [EUR] EUR 75,236.89
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 02:13:12 up 65 days, 10:44, 4 users, load average: 0.00, 0.01, 0.00

Google News

[23/11/2025 18:51] Comida de casa, pão com ovo e visitas: como foram as primeiras horas de Bolsonaro na prisão na PF - O Globo

[23/11/2025 21:36] Médicos de Bolsonaro citam combinação de 3 remédios para "alucinação" - Poder360

[23/11/2025 20:26] Fuga aos EUA foi para “proteger família”, diz mulher de Ramagem - Poder360

[23/11/2025 22:41] Europa apresenta contraproposta aos EUA e entra em conversas sobre Ucrânia - CNN Brasil

[23/11/2025 17:02] 1ª fase da Fuvest é marcada por interdisciplinaridade e cobra Caetano Veloso e uberização - Folha de S.Paulo

[23/11/2025 17:59] Semana começa com chuva forte e temporais em algumas regiões do país; veja a previsão do tempo - Canal Rural

[23/11/2025 15:30] Nikolas descumpriu medida de Moraes e usou celular em visita a Bolsonaro - Estado de Minas

[23/11/2025 10:48] 'A COP foi um sucesso extraordinário', diz Lula no G20 - Revista Oeste

[23/11/2025 16:42] Com Daniela Mercury, Copacabana recebe a 30ª Parada do Orgulho LGBTI+; FOTOS - G1

[23/11/2025 00:16] Homem discursa contra Bolsonaro em vigília e é agredido por apoiadores do ex-presidente - Correio Braziliense

NVD Feed

[CVE-2025-54597] [Modified: 07-08-2025] [Analyzed] [V3.1 S7.2:HIGH] LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

[CVE-2025-8219] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the argument getvaluestring leads to sql injection. The attack may be initiated remotely. Upgrading to version 8.6.5.2 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+. We strongly advise all customers to upgrade to the current version (v8.6.5.2), which includes this fix and additional security enhancements."

[CVE-2025-8221] [Modified: 31-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this vulnerability is the function goodsSearch of the file GoodsCustController.java. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

[CVE-2025-8222] [Modified: 31-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Multiple endpoints are affected.

[CVE-2025-8223] [Modified: 31-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

[CVE-2025-8224] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

[CVE-2025-5120] [Modified: 07-08-2025] [Analyzed] [V3.1 S10.0:CRITICAL] A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.

[CVE-2025-8225] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

[CVE-2025-8226] [Modified: 26-08-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

[CVE-2025-8227] [Modified: 26-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.

[CVE-2025-8228] [Modified: 26-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

[CVE-2025-8229] [Modified: 07-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8230] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8231] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.8:MEDIUM] A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

[CVE-2025-8232] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8233] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8234] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8235] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8236] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8237] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap