fweno.onefour.com.br

Current Conditions
São Paulo
nuvens quebradas

21 ℃
78%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 16:30:01
  1. [USD] USD 87,473.01
  1. [BRL] BRL 472,704.12 [USD] USD 87,473.01 [GBP] GBP 66,877.92 [EUR] EUR 75,943.01
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 16:42:22 up 65 days, 1:13, 4 users, load average: 0.01, 0.01, 0.00

Google News

[23/11/2025 12:54] Bolsonaro tem prisão preventiva mantida pelo STF e diz que teve 'alucinação' ao violar tornozeleira eletrônica - O Globo

[23/11/2025 12:35] Mulher de Ramagem comenta fuga do marido e ida da família para os EUA: 'Perseguição política desumana' - O Globo

[23/11/2025 09:46] Com Bolsonaro na PF, Moraes prepara últimos atos para decretar cumprimento da pena - Estado de Minas

[23/11/2025 10:13] Homem agredido em vigília pró-Bolsonaro é de grupo evangélico de Janja - Poder360

[23/11/2025 11:03] Ausências no G20 não enfraquecem o encontro, diz Lula - CartaCapital

[23/11/2025 07:35] Defesa Civil emite alerta para tempestades e risco de deslizamentos em São Paulo - Jovem Pan

[23/11/2025 15:30] Nikolas descumpriu medida de Moraes e usou celular em visita a Bolsonaro - Estado de Minas

[23/11/2025 13:08] Imagens mostram homem em trilha do Matadeiro antes de atacar mulher - CNN Brasil

[23/11/2025 13:15] Plano da Europa para guerra na Ucrânia inclui cessão de território à Rússia - CNN Brasil

[22/11/2025 19:26] Pelo menos três companhias aéreas cancelam voos para a Venezuela em meio a planos de nova fase de operação dos EUA, diz agência - O Globo

NVD Feed

[CVE-2025-8204] [Modified: 31-07-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8205] [Modified: 31-07-2025] [Analyzed] [V3.1 S3.7:LOW] A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8206] [Modified: 31-07-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8207] [Modified: 31-07-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8210] [Modified: 26-08-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8211] [Modified: 31-07-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-54597] [Modified: 07-08-2025] [Analyzed] [V3.1 S7.2:HIGH] LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.

[CVE-2025-8219] [Modified: 28-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the argument getvaluestring leads to sql injection. The attack may be initiated remotely. Upgrading to version 8.6.5.2 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+. We strongly advise all customers to upgrade to the current version (v8.6.5.2), which includes this fix and additional security enhancements."

[CVE-2025-8221] [Modified: 31-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this vulnerability is the function goodsSearch of the file GoodsCustController.java. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

[CVE-2025-8222] [Modified: 31-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Multiple endpoints are affected.

[CVE-2025-8223] [Modified: 31-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

[CVE-2025-8224] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

[CVE-2025-5120] [Modified: 07-08-2025] [Analyzed] [V3.1 S10.0:CRITICAL] A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.

[CVE-2025-8225] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

[CVE-2025-8226] [Modified: 26-08-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

[CVE-2025-8227] [Modified: 26-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.

[CVE-2025-8228] [Modified: 26-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

[CVE-2025-8229] [Modified: 07-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8230] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8231] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.8:MEDIUM] A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap