
[CVE-2025-62579] [Modified: 28-10-2025] [Analyzed] [V3.1 S7.8:HIGH] ASDA-Soft Stack-based Buffer Overflow Vulnerability

[CVE-2025-62580] [Modified: 28-10-2025] [Analyzed] [V3.1 S7.8:HIGH] ASDA-Soft Stack-based Buffer Overflow Vulnerability

[CVE-2025-0274] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

[CVE-2025-0275] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

[CVE-2025-55084] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] In NetX Duo versions before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bounds check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.

[CVE-2025-55089] [Modified: 20-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause remote execution after receiving a crafted sequence of packets.

[CVE-2025-55090] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame with less than 4 bytes of IP packet.

[CVE-2025-62583] [Modified: 21-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.

[CVE-2025-62584] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.

[CVE-2025-62585] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.

[CVE-2025-41018] [Modified: 21-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.

[CVE-2025-41020] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.

[CVE-2025-41021] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

[CVE-2025-55091] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ip_packet_receive() function when receiving an Ethernet frame with type set as IP but no IP data.

[CVE-2025-0276] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

[CVE-2025-0277] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.

[CVE-2025-10545] [Modified: 21-10-2025] [Analyzed] [V3.1 S3.1:LOW] Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint

[CVE-2025-41410] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions

[CVE-2025-54499] [Modified: 21-10-2025] [Analyzed] [V3.1 S3.1:LOW] Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets

[CVE-2025-58073] [Modified: 21-10-2025] [Analyzed] [V3.1 S8.1:HIGH] Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state.