
[CVE-2025-54459] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.

[CVE-2025-61959] [Modified: 06-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.

[CVE-2025-47912] [Modified: 29-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

[CVE-2025-58185] [Modified: 06-02-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

[CVE-2025-58187] [Modified: 29-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

[CVE-2025-58188] [Modified: 29-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.

[CVE-2025-58189] [Modified: 29-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.

[CVE-2025-61723] [Modified: 29-01-2026] [Analyzed] [V3.1 S7.5:HIGH] The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.

[CVE-2025-61724] [Modified: 29-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

[CVE-2025-10926] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.

[CVE-2025-10927] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2.

[CVE-2025-10928] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5.

[CVE-2025-10929] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.

[CVE-2025-10930] [Modified: 12-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0.

[CVE-2025-10931] [Modified: 03-12-2025] [Analyzed] [V3.1 S3.8:LOW] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.

[CVE-2025-12082] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

[CVE-2025-12083] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

[CVE-2025-12466] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

[CVE-2025-62257] [Modified: 10-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.

[CVE-2025-9954] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.