Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-6599] [Modified: 16-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris-style denial-of-service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.

[CVE-2025-8693] [Modified: 15-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

[CVE-2025-48593] [Modified: 19-11-2025] [Analyzed] [V3.1 S8.0:HIGH] In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2025-26391] [Modified: 24-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to an XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication as a low-privileged account.

[CVE-2025-40545] [Modified: 24-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
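The open redirect above is the usual failure: a redirect target taken from the request is used without checking that it still points at the application. The following is an added example of the allow-list check that closes that class of bug; it is not SolarWinds code. It assumes the application is served only from app.example.com over HTTPS and that the target arrives in an untrusted query parameter; both are assumptions for illustration.

```python
"""Open-redirect guard: added example, not code from SolarWinds or any product.

Assumptions (illustrative): the post-login redirect target arrives in an
untrusted query parameter, and the application is served only from
app.example.com over HTTPS.
"""
from urllib.parse import urljoin, urlparse

APP_HOST = "app.example.com"          # assumed application host
APP_ORIGIN = f"https://{APP_HOST}/"   # assumed canonical origin


def is_safe_redirect(target: str, app_host: str = APP_HOST) -> bool:
    """Return True only if `target` can lead nowhere but back to `app_host`.

    Rejects anything with a scheme or authority that is not exactly
    https://app_host, plus the usual parser-confusion tricks.
    """
    if not target:
        return False
    # Tabs, newlines and spaces let a second URL hide inside the first, and
    # Python's urlsplit() silently strips some of them before parsing.
    if any(ch in target for ch in "\t\r\n "):
        return False
    # Browsers treat "\" like "/", so "/\evil.example" is really
    # "//evil.example": normalise before parsing so we see what they see.
    normalised = target.replace("\\", "/")
    parts = urlparse(normalised)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only our own https origin passes.
        # "http:evil.example" (no slashes) parses with an empty netloc here,
        # yet browsers still send it to evil.example, so it is rejected too.
        return parts.scheme.lower() == "https" and parts.netloc.lower() == app_host
    # Plain relative path such as "/dashboard?tab=1". A leading "//" or "///"
    # parses as an empty authority here but as a host in browsers: reject it.
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return the absolute URL to send the user to, or the fallback if unsafe."""
    if not is_safe_redirect(target):
        return urljoin(APP_ORIGIN, fallback)
    return urljoin(APP_ORIGIN, target.replace("\\", "/"))
```

The check is deliberately strict: a target with an explicit port, a bare relative name such as "dashboard", or a different scheme falls back to "/" rather than being repaired, because every exception added to an allow-list is another parser edge to defend.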

[CVE-2025-40547] [Modified: 02-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] A logic error vulnerability exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.

[CVE-2025-40548] [Modified: 02-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] A missing validation process exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as medium because services frequently run under less-privileged service accounts by default.

[CVE-2025-40549] [Modified: 02-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] A path restriction bypass vulnerability exists in Serv-U which, when abused, could give a malicious actor with admin privileges the ability to execute code in a directory. This issue requires administrative privileges to abuse. On Windows systems, this is scored as medium due to differences in how paths and home directories are handled.

[CVE-2025-41346] [Modified: 19-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.

[CVE-2025-41347] [Modified: 19-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted upload of dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.

[CVE-2025-41733] [Modified: 21-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The commissioning wizard on the affected devices does not validate whether the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.

[CVE-2025-41734] [Modified: 21-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.

[CVE-2025-41735] [Modified: 21-11-2025] [Analyzed] [V3.1 S8.8:HIGH] A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, resulting in remote code execution.

[CVE-2025-41736] [Modified: 21-11-2025] [Analyzed] [V3.1 S8.8:HIGH] A low privileged remote attacker can upload a new or overwrite an existing Python script by using a path traversal in the target filename in PHP, resulting in remote code execution.
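CVE-2025-41347, CVE-2025-41735 and CVE-2025-41736 are three faces of the same upload bug: the client-supplied filename decides where the file lands and what type it is. The block below is an added example, not code from any of the affected vendors, of the pattern those advisories describe beside a hardened version. It assumes uploads are written under /srv/uploads and that only a short extension allow-list is accepted; both are assumptions for illustration. Paths are handled with posixpath so the result is the same on any host.

```python
"""Upload-path hardening: added example, not code from the affected vendors.

Assumptions (illustrative): uploads are written under /srv/uploads and only
a short allow-list of extensions is accepted.
"""
import posixpath

UPLOAD_ROOT = "/srv/uploads"                           # assumed upload directory
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf", ".csv"}  # assumed allow-list


def vulnerable_target(filename: str, root: str = UPLOAD_ROOT) -> str:
    """The pattern the advisories describe: the client-supplied name is joined
    to the upload directory with no check, so ".." segments walk out of it and
    an absolute name replaces the root entirely (posixpath.join semantics)."""
    return posixpath.normpath(posixpath.join(root, filename))


def safe_target(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Return the path to write, or raise ValueError for anything suspicious."""
    if not filename:
        raise ValueError("empty filename")
    # NUL and other control characters: C-level file APIs stop at NUL, so
    # "shell.py\x00.png" passes an extension check but lands as shell.py.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in filename):
        raise ValueError("control character in filename")
    # Any separator at all is treated as an attack, not silently stripped:
    # a legitimate upload form sends a bare name. "\\" covers Windows clients.
    if "/" in filename or "\\" in filename:
        raise ValueError("path separator in filename")
    if filename in (".", "..") or filename.startswith("."):
        raise ValueError("dot-file or traversal segment")
    _, ext = posixpath.splitext(filename)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    target = posixpath.normpath(posixpath.join(root, filename))
    # Defence in depth: after normalisation the file must still sit directly
    # in the upload directory. (Symlinks inside root are a separate concern:
    # resolve with os.path.realpath at write time and repeat this check.)
    if posixpath.dirname(target) != posixpath.normpath(root):
        raise ValueError("target escaped the upload directory")
    return target


def is_accepted(filename: str) -> bool:
    """Convenience wrapper for tests and logging: True if safe_target accepts."""
    try:
        safe_target(filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in ("report.pdf", "../../opt/app/run.py", "/etc/cron.d/job",
                 "shell.py\x00.png", "shell.php"):
        print(f"{name!r:28s} naive={vulnerable_target(name)!r:34s} "
              f"accepted={is_accepted(name)}")
```

The extension allow-list is the part that actually stops a webshell (CVE-2025-41347 and CVE-2025-41735 are upload-anything bugs, not traversal); the separator and dot checks are what stop the overwrite in CVE-2025-41736. Keep the server-side content type and any scripting handler for the upload directory disabled as well, since an allow-list on names alone does not survive a misconfigured web server.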

[CVE-2025-41737] [Modified: 21-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Due to a web server misconfiguration, an unauthenticated remote attacker is able to read the source of PHP modules.

[CVE-2025-13343] [Modified: 20-11-2025] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-13344] [Modified: 19-11-2025] [Analyzed] [V3.1 S7.3:HIGH] A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-13345] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-41348] [Modified: 19-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to retrieve, create, update and delete database contents by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.
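CVE-2025-13344, CVE-2025-13345 and CVE-2025-41348 are all the same defect: a request parameter pasted into SQL text. The block below is an added example, not code from SourceCodester or Informática del Este, showing that pattern in a login check beside the parameterised form, run against a constructed one-row SQLite database so both can be exercised offline. The schema, user row and bypass strings are all invented for illustration.

```python
"""SQL injection in a login check: added example, not code from any of the
products above. Uses an in-memory SQLite database with one constructed row.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: a single user row (illustrative only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # A real schema stores a password hash; the plain column keeps the
    # injection point in focus.
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The pattern the advisories describe: request parameters are pasted
    straight into the statement text, so quotes and comment markers in
    `username` rewrite the WHERE clause. Returns the user id or None."""
    sql = (
        "SELECT id FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised form: the driver sends values separately from the SQL,
    so the same inputs are compared literally and never change the query."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both versions against the classic bypass inputs."""
    conn = build_db()
    bypass_user = "admin' --"      # "--" comments out the password check
    tautology = "x' OR '1'='1"     # makes the WHERE clause always true
    return {
        "vulnerable_legit": login_vulnerable(conn, "admin", "S3cret!"),
        "vulnerable_comment_bypass": login_vulnerable(conn, bypass_user, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, tautology, tautology),
        "safe_legit": login_safe(conn, "admin", "S3cret!"),
        "safe_comment_bypass": login_safe(conn, bypass_user, "wrong"),
        "safe_tautology": login_safe(conn, tautology, tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

With the vulnerable function the comment bypass reduces the statement to `SELECT id FROM users WHERE username = 'admin'`, and the tautology turns it into `... OR '1'='1'`, so both return the admin row without a valid password. The parameterised function returns None for the same inputs because the driver compares the attacker's string against the column rather than executing it. Escaping quotes by hand is not a substitute: the injection in CVE-2025-41348 also reaches data-changing statements, and a single missed encoding path reopens all of them.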

[CVE-2025-41349] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 by Informática del Este, due to a lack of proper validation of user input, by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session cookie details.