[09/01/2026 16:07] Após ser chamado de próximo alvo por Trump, presidente da Colômbia, Gustavo Petro, deve ir à Casa Branca em fevereiro - G1

[09/01/2026 15:29] VÍDEO: Novas imagens feitas por agente do ICE mostram momento em que mulher é morta a tiros em Minneapolis - G1

[09/01/2026 12:45] Incêndio na Suíça: dono de estação de esqui é detido após tragédia que deixou 40 mortos - BBC

[09/01/2026 06:57] Veto de Lula à redução de penas por atos antidemocráticos divide governo e oposição - Senado Federal

[09/01/2026 09:22] Atenção Meteorológica SDC/SC 09/01 09:20 - Temporais com chuva pontualmente intensa entre a sexta-feira (09) e a madrugada de domingo (11) - Secretaria de Estado da Proteção e Defesa Civil

[09/01/2026 11:29] Presidente Lula vai reajustar piso do magistério acima da inflação, afirma ministro da Educação - APP-Sindicato

[09/01/2026 11:33] Governo começa a renovar CNH para 'bons condutores' de forma automática e gratuita - G1

[09/01/2026 00:01] Lula quer usar saída de Lewandowski para destravar indicação de ‘Bessias’ ao STF - Diário do Poder - Diário do Poder

[09/01/2026 11:27] A 10 dias do Sisu, Inep não confirma data de divulgação das notas do Enem 2025 - G1

[09/01/2026 18:45] Tio e ex-tutor de Andreas von Richthofen é encontrado morto em casa em SP - G1

[CVE-2025-36222] [Modified: 02-10-2025] [Analyzed] [V3.1 S8.7:HIGH] IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.

[CVE-2025-10271] [Modified: 02-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10272] [Modified: 02-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10273] [Modified: 02-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10274] [Modified: 02-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10275] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-55319] [Modified: 24-09-2025] [Analyzed] [V3.1 S8.8:HIGH] Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

[CVE-2025-58754] [Modified: 24-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.

[CVE-2025-10276] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10277] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-43788] [Modified: 16-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.

[CVE-2025-43789] [Modified: 23-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.

[CVE-2025-10278] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10094] [Modified: 20-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.

[CVE-2025-10291] [Modified: 31-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-1250] [Modified: 20-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes.

[CVE-2025-2256] [Modified: 20-09-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.

[CVE-2025-6454] [Modified: 20-09-2025] [Analyzed] [V3.1 S8.5:HIGH] An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

[CVE-2025-6769] [Modified: 20-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces.

[CVE-2025-7337] [Modified: 20-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files.