
[CVE-2025-13586] [Modified: 02-12-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. Manipulation of the argument txtconfirm_password causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

[CVE-2025-65493] [Modified: 01-12-2025] [Analyzed] [V3.1 S7.5:HIGH] NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.

[CVE-2025-65494] [Modified: 01-12-2025] [Analyzed] [V3.1 S7.5:HIGH] NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.

[CVE-2025-65495] [Modified: 01-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.

[CVE-2025-65496] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

[CVE-2025-65497] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

[CVE-2025-65498] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

[CVE-2025-65499] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.

[CVE-2025-65500] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

[CVE-2025-65501] [Modified: 01-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

[CVE-2025-65502] [Modified: 12-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.

[CVE-2025-65503] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.

[CVE-2025-65998] [Modified: 26-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Apache Syncope can be configured to store user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker who has obtained access to the internal database content to reconstruct the original cleartext password values. This does not affect encrypted plain attributes, whose values are also stored using AES encryption. Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.

[CVE-2025-12978] [Modified: 28-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.

[CVE-2025-10554] [Modified: 12-01-2026] [Analyzed] [V3.1 S8.7:HIGH] A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

[CVE-2025-56401] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.6:HIGH] ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.

[CVE-2025-56423] [Modified: 28-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages.

[CVE-2025-60632] [Modified: 01-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

[CVE-2025-60633] [Modified: 01-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.

[CVE-2025-60638] [Modified: 01-12-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.