
[CVE-2025-15082] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15083] [Modified: 20-01-2026] [Analyzed] [V3.1 S2.0:LOW] A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15084] [Modified: 31-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15085] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-68935] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.4:MEDIUM] ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

[CVE-2025-68936] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.4:MEDIUM] ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.

[CVE-2025-15086] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15089] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15090] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed remotely. The exploit has been made public and could be used.

[CVE-2025-15091] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15092] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-68938] [Modified: 02-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Gitea before 1.25.2 mishandles authorization for deletion of releases.

[CVE-2025-68939] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.2:HIGH] Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

[CVE-2025-68940] [Modified: 02-01-2026] [Analyzed] [V3.1 S3.1:LOW] In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

[CVE-2025-68941] [Modified: 02-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

[CVE-2025-68942] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

[CVE-2025-15099] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.

[CVE-2025-68943] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

[CVE-2025-68944] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.0:MEDIUM] Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

[CVE-2025-68945] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.8:MEDIUM] In Gitea before 1.21.2, an anonymous user can visit a private user's project.