Bitcoin Core version 27.0 is now available for download. See the release notes for more information about the bug fixes in this release. If you have any questions, please stop by the #bitcoin IRC chatroom and we’ll do our best to help you.

[CVE-2023-6497] [Modified: 01-02-2024] [Analyzed] [V3.1 S4.8:MEDIUM] The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

[CVE-2024-0664] [Modified: 01-02-2024] [Analyzed] [V3.1 S4.8:MEDIUM] The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

[CVE-2024-0667] [Modified: 01-02-2024] [Analyzed] [V3.1 S6.3:MEDIUM] The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

[CVE-2024-0697] [Modified: 01-02-2024] [Analyzed] [V3.1 S4.9:MEDIUM] The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.

[CVE-2024-0824] [Modified: 01-02-2024] [Analyzed] [V3.1 S5.4:MEDIUM] The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2023-48201] [Modified: 01-02-2024] [Analyzed] [V3.1 S5.4:MEDIUM] Cross-Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component.

[CVE-2023-48202] [Modified: 01-02-2024] [Analyzed] [V3.1 S5.4:MEDIUM] Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component.

[CVE-2024-0618] [Modified: 01-02-2024] [Analyzed] [V3.1 S4.8:MEDIUM] The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

[CVE-2024-0958] [Modified: 11-04-2024] [Modified] [V3.1 S5.4:MEDIUM] A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203.

[CVE-2024-22860] [Modified: 02-02-2024] [Analyzed] [V3.1 S9.8:CRITICAL] Integer overflow vulnerability in FFmpeg before n6.1 allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.