Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-54604] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).

[CVE-2025-54605] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

[CVE-2025-12422] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-60355] [Modified: 08-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

[CVE-2025-60800] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

[CVE-2025-12423] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Protocol manipulation might lead to denial of service. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-12424] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Privilege Escalation through SUID-bit Binary. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-12425] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.8:HIGH] Local Privilege Escalation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-40843] [Modified: 14-11-2025] [Analyzed] [V3.1 S5.9:MEDIUM] CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.

[CVE-2025-59837] [Modified: 25-11-2025] [Analyzed] [V3.1 S7.2:HIGH] Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10.

[CVE-2025-11374] [Modified: 22-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

[CVE-2025-11375] [Modified: 22-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

[CVE-2025-43017] [Modified: 21-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] HP ThinPro 8.1 System management application failed to verify the user's true ID. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

[CVE-2025-61598] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Discourse is an open source discussion platform. In versions before 3.6.2 and 3.6.0.beta2, the default Cache-Control response header with value no-store, no-cache was missing from error responses. This may have caused unintended caching of those responses by proxies, potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.

[CVE-2025-62800] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.

[CVE-2025-62801] [Modified: 04-11-2025] [Analyzed] [V3.1 S7.8:HIGH] FastMCP is the standard framework for building MCP applications. In versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

[CVE-2025-62802] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.

[CVE-2025-64094] [Modified: 03-11-2025] [Analyzed] [V3.1 S6.4:MEDIUM] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.

[CVE-2025-64095] [Modified: 03-11-2025] [Analyzed] [V3.1 S10.0:CRITICAL] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads, and images can overwrite existing files. An unauthenticated user can upload and replace existing files, allowing defacement of a website and, combined with other issues, injection of XSS payloads. This vulnerability is fixed in 10.1.1.

[CVE-2025-11702] [Modified: 03-11-2025] [Analyzed] [V3.1 S8.5:HIGH] GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.