[04/02/2026 19:04] Missão aciona TSE para barrar Lula em desfile - O Antagonista

[04/02/2026 17:01] Oruam grava vídeo e diz que tornozeleira tem problema; rapper é procurado - CNN Brasil

[04/02/2026 14:42] Por um código de ética, só de sacanagem - Folha de S.Paulo

[04/02/2026 16:14] Blindagem a Lulinha é escancarada, diz relator da CPI do INSS - Poder360

[04/02/2026 13:07] Chefes dos Três Poderes lançam pacto nacional e cobram ação imediata contra o feminicídio - CartaCapital

[04/02/2026 14:42] Mulher que desapareceu no RS publicou sobre acidente que não aconteceu - UOL Notícias

[04/02/2026 17:17] Justiça barra venda e manda mansão de Ana Hickmann a leilão por R$ 35 milhões - Revista Oeste

[04/02/2026 14:40] ONU alerta para 'colapso' humanitário em Cuba por falta de petróleo - UOL Notícias

[04/02/2026 09:23] 'Rússia e China agem em sintonia', diz governo russo após ligação entre Putin e Xi Jinping; Trump confirma viagem a Pequim em abril - G1

[03/02/2026 09:50] Ucrânia ajustará negociação de paz após novo ataque da Rússia, diz Zelensky - CNN Brasil

[CVE-2025-11421] [Modified: 09-10-2025] [Analyzed] [V3.1 S3.5:LOW] A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used.

[CVE-2025-11422] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-11423] [Modified: 14-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

[CVE-2025-11424] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-61787] [Modified: 16-10-2025] [Analyzed] [V3.1 S8.1:HIGH] Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the command line. This makes Deno vulnerable to a command injection attack on Windows. Versions 2.5.3 and 2.2.15 fix the issue.

[CVE-2025-11425] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.

[CVE-2025-11426] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-11430] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

[CVE-2025-11431] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-11432] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

[CVE-2025-11433] [Modified: 09-10-2025] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-11434] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-11435] [Modified: 09-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The identifier of the patch is a2af1184e53953afa8cb052f4055f288adcaa608. To fix this issue, it is recommended to deploy a patch.

[CVE-2025-11436] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as 95c3e23856465d202e6aec10bdb6ee0688b5305a. It is advisable to implement a patch to correct this issue.

[CVE-2025-11437] [Modified: 09-10-2025] [Analyzed] [V3.1 S2.4:LOW] A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currently under review for additional handling. As of right now the vendor has stated that the feature is disabled until the user has configured their own domain which will mitigate this attack vector.

[CVE-2025-11438] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue.

[CVE-2025-11439] [Modified: 09-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 11d97d78f2de2cb49f79baed6bde8b611ec1f384. It is recommended to apply a patch to fix this issue.

[CVE-2025-11440] [Modified: 09-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called b15e29021d326be127193a5dbbd528c4e37e6324. Applying a patch is advised to resolve this issue.

[CVE-2025-11441] [Modified: 09-10-2025] [Analyzed] [V3.1 S3.7:LOW] A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is described as difficult. The exploit is publicly available and might be used. The identifier of the patch is 11e99960e14ca986b1a001a56e7533223d2cfa5b. It is suggested to install a patch to address this issue.

[CVE-2025-11442] [Modified: 09-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor has stated that API calls require authentication through Authorization Bearer Tokens, so classic CSRF attacks do not apply here. An attacker would need to possess the JWT through means such as XSS which were mitigated, disabling any form of initial access.