Bitcoin Core version 31.0 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-11540] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Path Traversal vulnerability in Sharp Display Solutions projectors allows an attacker to access and read any files within the projector.

[CVE-2025-11541] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs.

[CVE-2025-11542] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows an attacker to execute arbitrary commands and programs.

[CVE-2025-11543] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows an attacker to create and run unauthorized firmware.

[CVE-2025-12049] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and to deliver content from the authoring software to the affected product without authentication.

[CVE-2025-15012] [Modified: 24-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. Manipulation of the argument a causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.

[CVE-2025-12514] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.2:HIGH] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection by a user with elevated privileges. This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-54890] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.

[CVE-2025-8460] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-14273] [Modified: 29-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

[CVE-2025-67826] [Modified: 02-01-2026] [Analyzed] [V3.1 S7.7:HIGH] An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.

[CVE-2025-67443] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to a lack of JavaScript sanitization in the login form, incorrect login attempts recorded in logs are triggered as XSS in the admin panel.

[CVE-2025-68333] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn(). For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context and not disable-irq; if the rq returned by container_of() is the current CPU's rq, the following scenario may occur: lock(&rq->__lock); <Interrupt> lock(&rq->__lock); This commit uses IRQ_WORK_INIT_HARD() to replace init_irq_work() to initialize rq->scx.deferred_irq_work, making the deferred_irq_workfn() always invoked in hard-irq context.

[CVE-2025-65270] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

[CVE-2025-67289] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

[CVE-2025-68645] [Modified: 23-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

[CVE-2024-25814] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

[CVE-2024-35321] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

[CVE-2025-26787] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.7:MEDIUM] An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended, resetting the configuration to "allowany".

[CVE-2025-63662] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allow unauthorized attackers to access sensitive information.