
[CVE-2025-14258] [Modified: 09-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-65804] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).

[CVE-2025-65231] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.

[CVE-2025-65271] [Modified: 12-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

[CVE-2025-65548] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 does not validate the size of the preimage when the token is spent. The preimage is stored by the mint, and an attacker can exploit this vulnerability to fill the mint's db and disk with arbitrary data.

[CVE-2025-65230] [Modified: 17-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.

[CVE-2025-65228] [Modified: 11-12-2025] [Analyzed] [V3.1 S3.5:LOW] A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

[CVE-2025-12635] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.

[CVE-2025-12832] [Modified: 10-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

[CVE-2025-33111] [Modified: 10-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 are vulnerable to creation of temporary files without atomic operations, which may expose sensitive information to an authenticated user due to race condition attacks.

[CVE-2025-36015] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.

[CVE-2025-36017] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 store unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

[CVE-2025-36102] [Modified: 10-12-2025] [Analyzed] [V3.1 S2.7:LOW] IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security.

[CVE-2025-62408] [Modified: 02-02-2026] [Analyzed] [V3.1 S5.9:MEDIUM] c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.

[CVE-2025-64650] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

[CVE-2025-36140] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.

[CVE-2025-64497] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.

[CVE-2025-64498] [Modified: 10-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. This issue is fixed in Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

[CVE-2025-64499] [Modified: 10-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through the planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

[CVE-2025-64760] [Modified: 10-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.