fweno.onefour.com.br

Current Conditions
São Paulo
nublado

21 ℃
77%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 14:30:01
  1. [USD] USD 64,037.50
  1. [BRL] BRL 324,996.74 [USD] USD 64,037.50 [GBP] GBP 47,789.14 [EUR] EUR 55,350.30
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 14:53:56 up 266 days, 23:25, 5 users, load average: 0.00, 0.00, 0.00

Google News

[13/06/2026 09:38] Trump anuncia morte do líder do grupo venezuelano Tren de Aragua: quem era Niño Guerrero? - BBC

[12/06/2026 09:07] Justiça italiana acusa Moraes de parcialidade em processo de Carla Zambelli - CartaCapital

[13/06/2026 10:02] Irã diz que assinatura de acordo provisório com EUA não será domingo (14) - CNN Brasil

[13/06/2026 12:28] Militante idoso do PT é agredido por bolsonaristas por usar adesivo de Benedita da Silva - Revista Fórum

[13/06/2026 06:46] Lula cresce, Flávio despenca com escândalo Master e direita segue sem alternativa, aponta diretor da Quaest - Brasil 247

[13/06/2026 06:00] Massa de ar polar chega ao país neste fim de semana - Revista Oeste

[13/06/2026 12:30] Mulher morre após ser jogada de altura de 40 metros sem cordas ao tentar pular de rope jump em SP - G1

[13/06/2026 09:14] Acidente com carro e caminhão deixa um morto e interdita BR-381, em Nova Era - Rádio Itatiaia

[13/06/2026 12:45] Eduardo Bolsonaro sugere rompimento total com o Novo após fala de Zema - CNN Brasil

[13/06/2026 07:42] Super El Niño: com 3 mil áreas de risco, SC não tem plano de contingência finalizado - ICL Notícias

NVD Feed

[CVE-2026-25531] [Modified: 13-02-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.

[CVE-2025-70091] [Modified: 17-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.

[CVE-2025-70093] [Modified: 17-02-2026] [Analyzed] [V3.1 S7.4:HIGH] An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

[CVE-2025-70094] [Modified: 17-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.

[CVE-2025-70095] [Modified: 17-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

[CVE-2025-70121] [Modified: 18-02-2026] [Analyzed] [V3.1 S7.5:HIGH] An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.

[CVE-2025-70122] [Modified: 18-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared length that exceeds the actual buffer capacity, leading to a runtime panic and UPF crash.

[CVE-2025-70123] [Modified: 18-02-2026] [Analyzed] [V3.1 S7.5:HIGH] An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation.

[CVE-2026-26268] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.0:HIGH] Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.

[CVE-2026-2026] [Modified: 24-02-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

[CVE-2025-66676] [Modified: 25-03-2026] [Analyzed] [V3.1 S6.2:MEDIUM] An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.

[CVE-2026-21870] [Modified: 18-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer than the buffer limit. The tokenizer_string function in src/bacnet/basic/program/ubasic/tokenizer.c incorrectly handles null termination for maximum-length strings. It writes a null byte to dest[40] when the buffer size is only 40 (indices 0-39), triggering a stack overflow.

[CVE-2026-21878] [Modified: 18-02-2026] [Analyzed] [V3.1 S7.5:HIGH] BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3.

[CVE-2026-25964] [Modified: 17-02-2026] [Analyzed] [V3.1 S4.9:MEDIUM] Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1.

[CVE-2026-25991] [Modified: 17-02-2026] [Analyzed] [V3.1 S7.7:HIGH] Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1.

[CVE-2026-26187] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.1:HIGH] lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used strings.HasPrefix() to verify that requested paths fall within the configured storage directory. This check was insufficient because it validated only the path prefix without requiring a path separator, allowing access to sibling directories with similar names. Also, the adapter verified that resolved paths stayed within the adapter's base path, but did not verify that object identifiers stayed within their designated storage namespace. This allowed attackers to use path traversal sequences in the object identifier to access files in other namespaces. Fixed in version v1.77.0.

[CVE-2026-26190] [Modified: 18-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10.

[CVE-2026-26264] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.1:HIGH] BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). The issue is in wp.c within wp_decode_service_request. When decoding the optional priority context tag, the code passes apdu_len - apdu_size to bacnet_unsigned_context_decode without validating that apdu_size <= apdu_len. If a truncated APDU reaches this path, apdu_len - apdu_size underflows, resulting in a large size being used for decoding and an out‑of‑bounds read. This vulnerability is fixed in 1.5.0rc4 and 1.4.3rc2.

[CVE-2026-2441] [Modified: 23-02-2026] [Analyzed] [V3.1 S8.8:HIGH] Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

[CVE-2026-26269] [Modified: 18-02-2026] [Analyzed] [V3.1 S5.4:MEDIUM] Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap