[CVE-2025-15086] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15089] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15090] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed remotely. The exploit has been made public and could be used.

[CVE-2025-15091] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15092] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-68938] [Modified: 02-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Gitea before 1.25.2 mishandles authorization for deletion of releases.

[CVE-2025-68939] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.2:HIGH] Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

[CVE-2025-68940] [Modified: 02-01-2026] [Analyzed] [V3.1 S3.1:LOW] In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

[CVE-2025-68941] [Modified: 02-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

[CVE-2025-68942] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

[CVE-2025-15099] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.

[CVE-2025-68943] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

[CVE-2025-68944] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.0:MEDIUM] Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

[CVE-2025-68945] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.8:MEDIUM] In Gitea before 1.21.2, an anonymous user can visit a private user's project.

[CVE-2025-52598] [Modified: 16-01-2026] [Analyzed] [V3.1 S3.7:LOW] Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

[CVE-2025-52599] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

[CVE-2025-52600] [Modified: 07-01-2026] [Analyzed] [V3.1 S7.2:HIGH] Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics caused by improper input validation. This vulnerability could allow an attacker to execute specific commands on the user's host PC. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

[CVE-2025-52601] [Modified: 07-01-2026] [Analyzed] [V3.1 S7.8:HIGH] Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key for sensitive information. An attacker can use the key to decrypt sensitive information. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

[CVE-2025-68946] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

[CVE-2025-8075] [Modified: 07-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to perform XSS in the user's browser. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.