[05/03/2026 21:21] Bases de interceptores dos EUA são atingidas na Jordânia e EAU - CNN Brasil

[05/03/2026 20:45] PMs são denunciados e presos por, fardados, assaltarem ônibus no Rio e roubarem 11 celulares - Extra online

[05/03/2026 22:48] Guerra sai dos limites do Oriente Médio. Povo dos EUA condena ataque ao Irã - UOL Notícias

[05/03/2026 17:17] Vídeo: Nikolas deixa de votar em projeto de socorro às chuvas em MG - Metrópoles

[05/03/2026 15:18] Como a Europa foi arrastada para o conflito no Oriente Médio - G1

[05/03/2026 16:52] Nova frente fria deve chegar com 'força acima do normal' no Sudeste - UOL Notícias

[04/03/2026 22:01] Veja a lista dos deputados que votaram contra a PEC da Segurança Pública - CartaCapital

[05/03/2026 14:50] Ibaneis afirma que não vai retirar Serrinha da lista de garantias ao BRB - Correio Braziliense

[05/03/2026 17:27] Relatório dos EUA acusa China de usar bases no Brasil para vigiar inimigos - CNN Brasil

[05/03/2026 16:46] EUA avisam que podem lançar ofensiva contra grupos criminosos na América Latina - Gazeta do Povo

[CVE-2025-36054] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-28953] [Modified: 21-01-2026] [Analyzed] [V3.1 S8.5:HIGH] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.

[CVE-2025-39466] [Modified: 29-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.

[CVE-2025-39467] [Modified: 29-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.

[CVE-2025-59392] [Modified: 04-02-2026] [Analyzed] [V3.1 S6.8:MEDIUM] On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.

[CVE-2025-63307] [Modified: 08-12-2025] [Analyzed] [V3.1 S8.1:HIGH] alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.

[CVE-2025-64224] [Modified: 29-01-2026] [Analyzed] [V3.1 S7.1:HIGH] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.

[CVE-2025-10885] [Modified: 12-11-2025] [Analyzed] [V3.1 S7.8:HIGH] A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.

[CVE-2025-12485] [Modified: 10-11-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier

[CVE-2025-12808] [Modified: 10-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier

[CVE-2025-63560] [Modified: 04-02-2026] [Analyzed] [V3.1 S7.5:HIGH] An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component.

[CVE-2025-63588] [Modified: 10-11-2025] [Analyzed] [V3.1 S7.1:HIGH] An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request (e.g., a maliciously crafted POST login). Successful exploitation may lead to theft of session cookies, credential disclosure, or other client-side impacts.

[CVE-2025-63589] [Modified: 10-11-2025] [Analyzed] [V3.1 S7.1:HIGH] A reflected XSS vulnerability exists in CMSimple_XH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML (navigation links, breadcrumbs, search form action, footer links). An attacker-controlled string placed in the URL path is reflected into multiple HTML elements, allowing execution of arbitrary JavaScript in victims' browsers visiting a crafted URL.

[CVE-2024-25621] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.3:HIGH] containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

[CVE-2025-22397] [Modified: 21-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

[CVE-2025-31133] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.8:HIGH] runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

[CVE-2025-60541] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.

[CVE-2025-63551] [Modified: 04-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.

[CVE-2022-50589] [Modified: 24-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

[CVE-2022-50590] [Modified: 24-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.