[27/04/2026 06:27] A disputa pela Presidência no 1º turno, segundo nova pesquisa Nexus - CartaCapital

[27/04/2026 08:00] Quaest: Intenção de voto para governador no RJ - 1º turno - G1

[26/04/2026 18:36] O que se sabe sobre Cole Allen, atirador do jantar de Trump - Poder360

[27/04/2026 01:14] SC deve “congelar” com chegada de massa de ar frio e temperaturas abaixo de 5ºC - NSC Total

[26/04/2026 03:31] Mapa do Crime revela endereços recordistas de roubos em São Paulo: rua boêmia em Pinheiros, estádio da Portuguesa e avenida alvo da gangue 'quebra-vidros' lideram; veja lista - O Globo

[26/04/2026 23:00] Gilmar briga com fantoches - Folha de S.Paulo

[26/04/2026 20:13] Alexadre de Moraes autoriza prisão domiciliar para idosos condenados pelo 8/1, incluindo Fátima de Tubarão - O Globo

[27/04/2026 07:39] Cratera se abre na CE-025 em Aquiraz e deixa vítimas - Diário do Nordeste

[27/04/2026 06:12] Fogo na BR-381: carreta incendeia e interdita rodovia em MG; veja o vídeo - Estado de Minas

[27/04/2026 07:05] PM é morto pela polícia após confusão por som alto que teve dois mortos e ferido em Nova Lima - Rádio Itatiaia

[CVE-2025-15131] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

[CVE-2025-15132] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

[CVE-2025-15133] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

[CVE-2025-15136] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15137] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934  of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15138] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15139] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15145] [Modified: 07-01-2026] [Analyzed] [V3.1 S2.4:LOW] A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

[CVE-2025-15146] [Modified: 07-01-2026] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

[CVE-2025-15150] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue.

[CVE-2025-15154] [Modified: 30-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-15155] [Modified: 06-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.

[CVE-2025-15160] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15163] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

[CVE-2025-15165] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15166] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

[CVE-2025-15167] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15168] [Modified: 09-01-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

[CVE-2025-52691] [Modified: 27-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

[CVE-2025-15170] [Modified: 07-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.