[01/05/2026 22:51] Bombeiros confirmam quatro mortes por fortes chuvas; duas crianças estão entre as vítimas - Folha PE

[01/05/2026 19:16] Pentágono anuncia retirada de cerca de 5 mil soldados da Alemanha após chanceler Merz dizer que EUA foram 'humilhados' pelo Irã - O Globo

[01/05/2026 12:27] 1º de maio: Manifestação no Eixão Sul pede fim da jornada 6x1 - Correio Braziliense

[01/05/2026 10:47] Lula apoia Pacheco, mas veto a Messias ameaça aliança em Minas Gerais - Estado de Minas

[01/05/2026 22:17] Trump diz que EUA vão tomar o controle de Cuba 'quase imediatamente' - UOL Notícias

[01/05/2026 18:12] Débora do Batom pede redução de pena após queda de veto à dosimetria - CNN Brasil

[01/05/2026 19:31] Alerta máximo: cidades do Sul entram em zona de perigo com tempestade e ventos de 100 km/h - NSC Total

[01/05/2026 19:40] Von der Leyen agradece a Lula e líderes do Mercosul por acordo com a União Europeia - Brasil 247

[01/05/2026 07:59] Bolsonaro é internado em Brasília para cirurgia no ombro - Correio Braziliense

[01/05/2026 16:57] Ato bolsonarista na Paulista: extrema direita reserva avenida e entrega flop de 95 pessoas - Revista Fórum

[CVE-2025-15434] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15435] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15436] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15437] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUEST_URI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 6.1.26 and 6.3 is able to mitigate this issue. The patch is named 264ac5b2be5b3c673ebd8cb862e673f5d300d9a7. The affected component should be upgraded.

[CVE-2026-0546] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2026-0547] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.

[CVE-2024-55374] [Modified: 12-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

[CVE-2025-15438] [Modified: 29-04-2026] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was informed early about this issue and announced that "[w]e fix this issue in the next version 5.8.23". A patch for it is ready.

[CVE-2025-44013] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

[CVE-2025-45286] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

[CVE-2025-47208] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later

[CVE-2025-52426] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

[CVE-2025-52430] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

[CVE-2025-52431] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

[CVE-2025-52863] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

[CVE-2025-52864] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

[CVE-2025-52872] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.0.3192 build 20250716 and later

[CVE-2025-53405] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

[CVE-2025-53414] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

[CVE-2025-53589] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.9:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later