[06/03/2026 23:58] 'Sicário' de Vorcaro morre no hospital, diz advogado - G1

[06/03/2026 14:45] Homem é preso após matar filho da ex-namorada, estuprá-la e atacar a mãe dela - O Globo

[06/03/2026 11:20] Réu por morte do advogado Rodrigo Crespo diz que foi contratado por marido traído - G1

[06/03/2026 09:37] De sugar baby a ex-bailarina do Faustão: quem são as mulheres citadas no celular de Vorcaro - ND Mais

[06/03/2026 20:16] EUA realizam operações letais no Equador, diz exército - CNN Brasil

[06/03/2026 21:18] Guarda Revolucionária desafia Trump a escoltar navios no Estreito de Hormuz - UOL Notícias

[06/03/2026 22:45] "Não adianta simplesmente querer tirar o PT do poder", diz Leite - O Antagonista

[06/03/2026 23:50] Nikolas pede prisão de Moraes por troca de mensagens com banqueiro - Revista Oeste

[06/03/2026 16:06] Personal que ficou com 80% do corpo queimado após explosão morre no PR - UOL Notícias

[06/03/2026 07:38] Frente fria com força "acima do normal" se aproxima do Brasil e terá potencial para atingir regiões do Nordeste - Brasil 247

[CVE-2025-64187] [Modified: 04-12-2025] [Analyzed] [V3.1 S4.4:MEDIUM] OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance. This issue is fixed in version 1.11.4.

[CVE-2025-64328] [Modified: 24-02-2026] [Analyzed] [V3.1 S7.2:HIGH] FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

[CVE-2025-4519] [Modified: 04-12-2025] [Analyzed] [V3.1 S8.8:HIGH] The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover.

[CVE-2025-4522] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter value to the wp_delete_user() function, authenticated attackers, with Subscriber-level access and above could delete arbitrary user accounts, including those of administrators.

[CVE-2025-64329] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

[CVE-2025-64336] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.

[CVE-2025-64338] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.0:CRITICAL] ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored XSS. The payload is rendered unsafely in the Admin → Manage Photos interface, causing it to execute in the administrator’s browser, therefore allowing an attacker to target administrators and perform actions with elevated privileges. This issue is fixed in version 5.5.2 - #157.

[CVE-2025-64339] [Modified: 26-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped on playlist detail and listing pages. This results in arbitrary JavaScript execution in every viewer’s browser, including administrators. This issue is fixed in version 5.5.2-#147.

[CVE-2025-10966] [Modified: 20-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.

[CVE-2025-12853] [Modified: 18-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-12855] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-12856] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-12857] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-34299] [Modified: 10-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

[CVE-2025-12859] [Modified: 20-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

[CVE-2025-12860] [Modified: 20-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

[CVE-2025-12861] [Modified: 20-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-47207] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later

[CVE-2025-52425] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later

[CVE-2025-52865] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later