fweno.onefour.com.br

Current Conditions
São Paulo
nublado

15 ℃
90%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 15:30:02
  1. [USD] USD 76,741.04
  1. [BRL] BRL 386,383.47 [USD] USD 76,741.04 [GBP] GBP 57,071.16 [EUR] EUR 66,086.62
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 15:59:27 up 245 days, 30 min, 3 users, load average: 0.00, 0.00, 0.00

Google News

[22/05/2026 15:40] Datafolha 2º turno: Lula tem 47% e Flávio Bolsonaro, 43% - G1

[22/05/2026 10:33] Novo tremor de terra de magnitude 3,1 é registrado no litoral do RJ - G1

[22/05/2026 11:50] Danilo, do Botafogo, recusa proposta de € 35 milhões do Zenit; Palmeiras hoje é o time mais perto de contratação, diz repórter - FogãoNET

[22/05/2026 13:14] Dino não vai receber Mario Frias pessoalmente, e post valeu como intimação - UOL Notícias

[22/05/2026 09:50] De saída do Manchester City, Guardiola diz que não vai assumir outro clube: 'Não vou treinar por um tempo' - O Globo

[22/05/2026 11:58] STJ reconhece Arbitragem da FGV como órgão competente para julgar questões societárias da SAF do Botafogo, e Eagle pode retomar poder - FogãoNET

[22/05/2026 11:11] Mendonça vota pela manutenção da prisão do primo de Vorcaro; Gilmar pede mais tempo para análise - G1

[22/05/2026 10:42] Ebola: risco é elevado para 'muito alto' no Congo; chefe da OMS na África adverte contra subestimar propagação - G1

[21/05/2026 17:43] 'Pare de mentir': homem aborda astronautas e diz que Artemis 2 foi encenada - UOL

[22/05/2026 04:02] Inglês tenta cruzar Atlântico em barco de 1 metro após fracasso e acidente destruir primeira embarcação; entenda - O Globo

NVD Feed

[CVE-2025-13927] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.5:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.

[CVE-2025-13928] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.5:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

[CVE-2025-64097] [Modified: 17-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens. Tokens included user-identifiable components and were not cryptographically secure, making them susceptible to guessing or enumeration. The vulnerability could have allowed unauthorized access to user accounts or API actions protected by these tokens. A fix is available in version 2.3.0 of NervesHub. This version introduces strong, cryptographically-random tokens using `:crypto.strong_rand_bytes/1`, hashing of tokens before database storage to prevent misuse even if the database is compromised, and context-aware token storage to distinguish between session and API tokens. There are no practical workarounds for this issue other than upgrading. In sensitive environments, as a temporary mitigation, firewalling access to the NervesHub server can help limit exposure until an upgrade is possible.

[CVE-2025-65098] [Modified: 30-01-2026] [Analyzed] [V3.1 S7.4:HIGH] Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.

[CVE-2026-0723] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.4:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses.

[CVE-2026-1102] [Modified: 26-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests.

[CVE-2026-1324] [Modified: 30-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-1325] [Modified: 30-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-1326] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

[CVE-2026-1327] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2026-1328] [Modified: 29-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

[CVE-2026-1329] [Modified: 03-02-2026] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

[CVE-2026-23760] [Modified: 27-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

[CVE-2025-69612] [Modified: 03-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

[CVE-2025-69764] [Modified: 26-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.

[CVE-2025-69820] [Modified: 02-02-2026] [Analyzed] [V3.1 S6.0:MEDIUM] Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.

[CVE-2025-69821] [Modified: 02-02-2026] [Analyzed] [V3.1 S7.4:HIGH] An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection

[CVE-2025-69822] [Modified: 02-02-2026] [Analyzed] [V3.1 S7.4:HIGH] An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame

[CVE-2026-24009] [Modified: 09-04-2026] [Analyzed] [V3.1 S8.1:HIGH] Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.

[CVE-2025-56589] [Modified: 02-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap