[26/04/2026 09:46] Lula presta solidariedade a Trump após ataque em Washington - Correio Braziliense

[26/04/2026 10:36] Ciclone cria rota de perigo e deixa 4 estados em alerta para granizo e ventos de 100 km/h - NSC Total

[26/04/2026 08:27] Perícia revela 67 facadas no corpo da estudante de medicina brasileira morta no Paraguai - O Globo

[26/04/2026 04:45] Dosimetria: O que muda para Bolsonaro e condenados do 8/1 se veto cair - CNN Brasil

[25/04/2026 10:36] PT prepara alianças para reeleição de Lula em congresso nacional - Correio Braziliense

[26/04/2026 07:15] México diz que agentes dos EUA mortos em operação não tinham autorização para atuar no país - G1

[26/04/2026 08:00] Terras raras: Lula evoca soberania nacional e faz alerta aos EUA em fala que pode incendiar tensão global - Revista Sociedade Militar

[25/04/2026 18:13] Zema volta a criticar Gilmar e Moraes em vídeo que cita suposta relação com Vorcaro - Gazeta do Povo

[26/04/2026 10:26] Polícia investiga corpo de mulher encontrado decapitado em parque de BH - G1

[25/04/2026 23:00] Empresa da família Vorcaro movimentou R$ 1 bi em possível tentativa de esconder dinheiro, diz relatório - Folha de S.Paulo

[CVE-2025-54322] [Modified: 09-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

[CVE-2025-14177] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.5:HIGH] In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

[CVE-2025-14180] [Modified: 09-01-2026] [Analyzed] [V3.1 S7.5:HIGH] In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

[CVE-2025-68972] [Modified: 09-01-2026] [Analyzed] [V3.1 S5.9:MEDIUM] In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

[CVE-2025-15118] [Modified: 07-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

[CVE-2025-15119] [Modified: 07-01-2026] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15120] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15121] [Modified: 30-12-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15122] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15123] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15124] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15125] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15126] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15127] [Modified: 08-03-2026] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15131] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

[CVE-2025-15132] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

[CVE-2025-15133] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

[CVE-2025-15136] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15137] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934  of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15138] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.