fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

22 ℃
66%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 07:00:02
  1. [USD] USD 79,850.57
  1. [BRL] BRL 393,319.94 [USD] USD 79,850.57 [GBP] GBP 58,649.28 [EUR] EUR 67,846.95
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 07:22:42 up 230 days, 15:54, 3 users, load average: 0.00, 0.01, 0.00

Google News

[07/05/2026 19:48] Encontro entre Lula e Trump repercute na mídia internacional - Poder360

[07/05/2026 18:38] Alessandro Vieira pede suspeição de Nunes Marques na CPI do Master - CNN Brasil

[07/05/2026 21:39] Gabinete de Mendonça nega acesso a proposta de delação de Vorcaro - O Antagonista

[07/05/2026 18:32] Previsão diz que há chance de neve no Brasil neste fim de semana; veja onde - UOL Notícias

[07/05/2026 06:08] Mina de terras-raras vendida a empresa dos EUA nunca foi brasileira - Poder360

[07/05/2026 16:59] Devemos nos preocupar com o hantavírus que já matou 3 em navio? - BBC

[07/05/2026 20:03] Governo Lula deve retaliar Alcolumbre em cargos de 2º e 3º escalão - Correio Braziliense

[07/05/2026 16:18] Dino pede vista e suspende julgamento dos royalties do petróleo no STF - Metrópoles

[07/05/2026 19:06] Empresário morto em queda de avião em BH era o dono da aeronave - Estado de Minas

[07/05/2026 14:05] Patroa que torturou e agrediu empregada doméstica grávida é presa no Piauí - O GLOBO

NVD Feed

[CVE-2026-0699] [Modified: 29-04-2026] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

[CVE-2026-0700] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-13034] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.9:MEDIUM] When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.

[CVE-2025-14017] [Modified: 27-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.

[CVE-2025-14524] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

[CVE-2025-14819] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

[CVE-2025-15079] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

[CVE-2025-15224] [Modified: 20-01-2026] [Analyzed] [V3.1 S3.1:LOW] When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

[CVE-2026-21871] [Modified: 15-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.history.replace(). These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into generated JavaScript without proper escaping, a crafted payload can break out of the intended string context and execute arbitrary JavaScript in the victim’s browser. Applications that do not pass untrusted input into ui.navigate.history.push/replace are not affected. This issue has been patched in version 3.5.0.

[CVE-2026-21872] [Modified: 15-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0.

[CVE-2026-21873] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.2:HIGH] NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been patched in version 3.5.0.

[CVE-2026-21874] [Modified: 15-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting new connections - errors are logged but the app stays up with broken storage functionality. This issue has been patched in version 3.5.0.

[CVE-2026-21894] [Modified: 20-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. This issue has been patched in version 2.2.2. A temporary workaround for this issue involves users deactivating affected workflows or restricting access to workflows containing Stripe Trigger nodes to trusted users only.

[CVE-2026-22242] [Modified: 12-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8.

[CVE-2025-69258] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.

[CVE-2025-69259] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.5:HIGH] A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability..

[CVE-2025-69260] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.5:HIGH] A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability.

[CVE-2026-21885] [Modified: 12-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresses (e.g., localhost, private RFC1918 ranges, or link-local metadata endpoints). Requesting the resulting `/proxy/...` URL makes Miniflux fetch and return the internal response. Version 2.2.16 fixes the issue.

[CVE-2026-21891] [Modified: 12-01-2026] [Analyzed] [V3.1 S9.4:CRITICAL] ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a known system service account. The application's login function fails to properly handle the password validation result for these users, effectively granting authenticated access to anyone who knows one of these common usernames and provides any password. As of time of publication, no known patched versions are available.

[CVE-2026-21892] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap