[11/01/2026 14:32] Rio enfrenta calor intenso com temperatura de quase 40°C neste domingo - G1

[11/01/2026 09:11] Atualização: Atenção Meteorológica SDC/SC 11/01 09:15 - Temporais entre a tarde e noite deste domingo (11) - Secretaria de Estado da Proteção e Defesa Civil

[11/01/2026 07:58] Sequestrado nos EUA, Maduro envia mensagem: “estamos bem, somos lutadores” - Brasil 247

[11/01/2026 06:58] Policial civil é morto durante tentativa de assalto no Maracanã, Zona Norte do Rio - G1

[10/01/2026 20:55] Congresso independente e falhas na articulação encurralam Lula em ano eleitoral - Gazeta do Povo

[10/01/2026 06:54] Drones, luzes e recorde de público: show de Alok leva 338 mil pessoas ao Verão Maior - Governo do Estado do Paraná

[11/01/2026 12:20] Ciclone extratropical provoca "combo climático" e coloca SC em alerta - NSC Total

[11/01/2026 06:10] Falso médico é descoberto após citar vesícula de paciente que não tem o órgão durante ultrassom - G1

[11/01/2026 11:20] Agricultores acampam em porto francês para 'controlar' produtos do Mercosul - UOL Economia

[11/01/2026 06:15] Policial preso em dezembro sob acusações de traição à pátria morre sob custódia do Estado na Venezuela - O Globo

[CVE-2025-10366] [Modified: 02-10-2025] [Analyzed] [V3.1 S3.5:LOW] A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10367] [Modified: 16-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10368] [Modified: 16-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10369] [Modified: 16-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10370] [Modified: 17-10-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10384] [Modified: 10-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10387] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10389] [Modified: 14-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10390] [Modified: 14-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10391] [Modified: 14-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-10394] [Modified: 14-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Module. Such manipulation leads to code injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

[CVE-2025-10395] [Modified: 08-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.

[CVE-2025-10396] [Modified: 18-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-10397] [Modified: 08-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.

[CVE-2025-10398] [Modified: 14-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-0164] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.3:LOW] IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.

[CVE-2025-36035] [Modified: 19-12-2025] [Analyzed] [V3.1 S6.7:MEDIUM] IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.

[CVE-2025-10400] [Modified: 18-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-10401] [Modified: 24-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in D-Link DIR-823x up to 250416. The affected element is an unknown function of the file /goform/diag_ping. Performing manipulation of the argument target_addr results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

[CVE-2025-10402] [Modified: 18-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.