[23/04/2026 20:45] Justiça decreta prisão preventiva de MC Ryan SP, Poze e outros investigados - UOL Notícias

[22/04/2026 21:38] Lula dá parabéns a Andrei por retirar credenciais de agente dos EUA - Poder360

[23/04/2026 19:29] Frente fria que muda o tempo está associada a um grande ciclone no Atlântico - MetSul Meteorologia

[24/04/2026 00:51] Lula realizará ceratose na cabeça; entenda procedimento - Correio Braziliense

[23/04/2026 13:58] Kataguiri defende escala 6x1: ‘Trabalhador vai enxergar que foi enganado’ - Estado de Minas

[23/04/2026 23:21] TSE publica acórdão sobre Castro; ex-governador não teve mandato cassado - CNN Brasil

[23/04/2026 23:36] Morre Lúcio Brasileiro, jornalista diário mais antigo do mundo - O POVO

[23/04/2026 16:52] Gaspar faz exame de DNA após ter sido chamado de "estuprador" - Poder360

[23/04/2026 17:34] UFMG se posiciona após pancadaria entre alunos e candidatos bolsonaristas - Estado de Minas

[23/04/2026 17:55] Baleado pelo pai e condenado por atropelamento: saiba quem era o suspeito de matar miss baiana no Rio - Jornal Correio

[CVE-2025-15074] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-15075] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-15077] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-15078] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

[CVE-2025-32095] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.

[CVE-2025-32096] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.

[CVE-2025-48704] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.

[CVE-2025-49088] [Modified: 05-01-2026] [Analyzed] [V3.1 S5.9:MEDIUM] Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

[CVE-2025-59683] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.2:HIGH] Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.

[CVE-2025-66377] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.

[CVE-2025-66378] [Modified: 05-01-2026] [Analyzed] [V3.1 S5.9:MEDIUM] Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.

[CVE-2025-66379] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.

[CVE-2025-66443] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.

[CVE-2025-15082] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15083] [Modified: 20-01-2026] [Analyzed] [V3.1 S2.0:LOW] A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15084] [Modified: 31-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15085] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-68935] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.4:MEDIUM] ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

[CVE-2025-68936] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.4:MEDIUM] ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.

[CVE-2025-15086] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.