
[CVE-2025-11584] [Modified: 23-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

[CVE-2025-11585] [Modified: 23-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

[CVE-2025-11586] [Modified: 20-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-11588] [Modified: 20-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

[CVE-2025-11589] [Modified: 20-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-61911] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked into skipping the escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch LDAP injection attacks which could potentially disclose or manipulate LDAP data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.

[CVE-2025-61912] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.

[CVE-2025-11626] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service.

[CVE-2025-8093] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.8:HIGH] Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8.

[CVE-2025-9549] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.

[CVE-2025-9550] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.

[CVE-2025-9551] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0.

[CVE-2025-9552] [Modified: 05-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Vulnerability in Drupal Synchronize composer.Json With Contrib Modules. This issue affects Synchronize composer.Json With Contrib Modules: *.*.

[CVE-2025-9553] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Vulnerability in Drupal API Key manager. This issue affects API Key manager: *.*.

[CVE-2025-9554] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Vulnerability in Drupal Owl Carousel 2. This issue affects Owl Carousel 2: *.*.

[CVE-2025-11590] [Modified: 20-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-54654] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.2:MEDIUM] Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality.

[CVE-2025-58277] [Modified: 22-10-2025] [Analyzed] [V3.1 S4.0:MEDIUM] Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality.

[CVE-2025-58278] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.2:MEDIUM] Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality.

[CVE-2025-58282] [Modified: 16-10-2025] [Analyzed] [V3.1 S2.8:LOW] Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.