[31/03/2026 10:27] Lula anuncia trocas em quase metade dos ministérios para a eleição: 'Missões mais importantes nos próximos meses' - oglobo.globo.com

[31/03/2026 07:01] Irã lança mísseis contra países do Oriente Médio após ameaça de Trump - cartacapital.com.br

[31/03/2026 08:26] Os números da pesquisa Estadão/Atlas para o Senado em São Paulo - cartacapital.com.br

[30/03/2026 23:39] Trump está disposto a encerrar a guerra mesmo sem reabrir Ormuz, diz jornal - CNN Brasil

[31/03/2026 05:00] Submarino nuclear: 'Brasil não pode abrir mão do submarino nem ceder à pressão para revelar seus detalhes' - BBC

[30/03/2026 17:20] Caiado diz que primeiro ato como presidente será anistiar Bolsonaro - Estado de Minas

[31/03/2026 08:02] Zanin condena ex-aluno que fazia calouras jurar aceitar coito com veteranos - Migalhas

[31/03/2026 07:26] Grupo suspeito de desviar quase R$ 900 milhões de herança do fundador do grupo Unip/Objetivo é alvo de operação - GZH

[30/03/2026 21:52] Prefeito do Rio e governador interino decretam ponto facultativo na Quinta-Feira Santa - oglobo.globo.com

[31/03/2026 02:00] Justiça manda governo pagar vale-refeição em férias e licenças - Estado de Minas

[CVE-2025-58408] [Modified: 29-12-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.

[CVE-2025-12106] [Modified: 30-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

[CVE-2025-27232] [Modified: 06-02-2026] [Analyzed] [V3.1 S4.9:MEDIUM] An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

[CVE-2025-49643] [Modified: 06-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.

[CVE-2024-56089] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

[CVE-2025-63520] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).

[CVE-2025-63522] [Modified: 02-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

[CVE-2025-63523] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

[CVE-2025-63526] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed.

[CVE-2025-63527] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.

[CVE-2025-63528] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed.

[CVE-2025-63529] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.

[CVE-2025-63531] [Modified: 02-12-2025] [Analyzed] [V3.1 S10.0:CRITICAL] A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

[CVE-2025-64030] [Modified: 29-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers.

[CVE-2024-32384] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.

[CVE-2024-32388] [Modified: 23-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.

[CVE-2024-39148] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.1:HIGH] The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall.

[CVE-2024-48882] [Modified: 05-12-2025] [Analyzed] [V3.1 S8.6:HIGH] A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

[CVE-2024-48894] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.9:MEDIUM] A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

[CVE-2024-49572] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.