[10/03/2026 20:23] Senado aprova criação de 17,5 mil cargos no Executivo - Correio Braziliense

[10/03/2026 23:42] TSE tem 2 a 0 para cassar Castro e Bacellar; Nunes Marques pede vista - Poder360

[10/03/2026 18:42] PCC e CV: a nova declaração do governo Trump que preocupa Lula - BBC

[10/03/2026 22:00] Moraes autoriza visita de assessor de Trump a Bolsonaro na prisão - CNN Brasil

[10/03/2026 15:55] Deputados do PL protocolam pedido de CPI na CLDF para investigar caso BRB-Master - Correio Braziliense

[10/03/2026 15:34] Tenente-coronel foi proibido de entrar no prédio onde esposa PM foi achada morta - O Globo

[10/03/2026 20:32] Mendonça desobriga ex-sócio de Vorcaro no Master de depor à CPMI - Metrópoles

[10/03/2026 17:50] Moraes, Toffoli, Gonet: quem participou de degustação de uísque bancada por Vorcaro em Londres - Gazeta do Povo

[10/03/2026 18:37] Pré-candidatos ao governo de Minas comentam pesquisa - Estado de Minas

[10/03/2026 19:11] Ausência de Lula na posse de Kast é irrelevante, diz Flávio - Poder360

[CVE-2025-11996] [Modified: 22-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fui_delete_image() and fui_delete_all_images() functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site's attachments.

[CVE-2025-12019] [Modified: 22-12-2025] [Analyzed] [V3.1 S4.4:MEDIUM] The Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image metadata in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

[CVE-2025-4645] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5452] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.6:MEDIUM] A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5454] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.4:MEDIUM] An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5718] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.8:MEDIUM] The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-6298] [Modified: 21-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-6779] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-8108] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

[CVE-2025-5317] [Modified: 08-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.

[CVE-2025-7429] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.

[CVE-2017-20210] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.

[CVE-2025-7430] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.

[CVE-2025-7632] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.

[CVE-2025-7633] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.

[CVE-2025-41101] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in'/projects/save'.

[CVE-2025-41102] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.

[CVE-2025-41103] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.

[CVE-2025-41104] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'.

[CVE-2025-41105] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.