[03/02/2026 14:48] Câmara aprova reajuste e folga a servidores do Congresso - Metrópoles

[03/02/2026 06:45] Advogado critica choro de delegado e diz que piloto que deixou jovem em coma no DF está preso 'por ser branco e de classe média' - O Globo

[02/02/2026 20:16] No TSE, Cármen Lúcia pede que juízes não recebam presentes - Poder360

[03/02/2026 10:43] Vestido de Chewbacca, brasileiro é espancado em estação de esqui na França - CNN Brasil

[03/02/2026 14:09] Pais saem para ajudar filha que sofreu acidente e os três desaparecem no RS - UOL Notícias

[02/02/2026 15:50] Pai de adolescente investigado na morte do cão Orelha afirma: "Se ele errou, tem que responder - NSC Total

[03/02/2026 11:43] Frei Sérgio Görgen, fundador do MST e ex-deputado do RS, morre aos 70 anos - G1

[03/02/2026 15:18] Médica que raptou bebê em MG se torna ré por homicídio de farmacêutica - Estado de Minas

[03/02/2026 13:42] Base do governo vai assinar CPI do Banco Master, diz Lindbergh - Brasil 247

[03/02/2026 06:55] Suspeito de agiotagem é morto a tiros; dívida de R$ 425 mil é investigada - Estado de Minas

[CVE-2025-11339] [Modified: 19-11-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-11341] [Modified: 16-01-2026] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

[CVE-2025-36354] [Modified: 15-12-2025] [Analyzed] [V3.1 S7.3:HIGH] IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.

[CVE-2025-36355] [Modified: 15-12-2025] [Analyzed] [V3.1 S8.5:HIGH] IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

[CVE-2025-36356] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.3:CRITICAL] IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.

[CVE-2025-60956] [Modified: 10-10-2025] [Analyzed] [V3.1 S8.0:HIGH] Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

[CVE-2025-60957] [Modified: 10-10-2025] [Analyzed] [V3.1 S9.9:CRITICAL] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

[CVE-2025-60958] [Modified: 10-10-2025] [Analyzed] [V3.1 S7.3:HIGH] Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

[CVE-2025-60959] [Modified: 10-10-2025] [Analyzed] [V3.1 S8.2:HIGH] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information.

[CVE-2025-60960] [Modified: 10-10-2025] [Analyzed] [V3.1 S8.2:HIGH] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

[CVE-2025-60961] [Modified: 10-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

[CVE-2025-60962] [Modified: 10-10-2025] [Analyzed] [V3.1 S8.2:HIGH] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.

[CVE-2025-60963] [Modified: 10-10-2025] [Analyzed] [V3.1 S8.2:HIGH] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information.

[CVE-2025-60964] [Modified: 10-10-2025] [Analyzed] [V3.1 S9.1:CRITICAL] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

[CVE-2025-60965] [Modified: 10-10-2025] [Analyzed] [V3.1 S9.1:CRITICAL] OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts.

[CVE-2025-60967] [Modified: 10-10-2025] [Analyzed] [V3.1 S7.3:HIGH] Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

[CVE-2025-60969] [Modified: 10-10-2025] [Analyzed] [V3.1 S5.7:MEDIUM] Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.

[CVE-2025-61769] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload .svg file that contains JavaScript code that is later being executed. Commit 052f9c4226b2c0014bcd857fec47677340b185b1 fixes the issue.

[CVE-2025-61777] [Modified: 30-10-2025] [Analyzed] [V3.1 S9.4:CRITICAL] Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized users to retrieve all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and/or create arbitrary badge templates in the database. This could lead to data exposure, database pollution, or abuse of the badge system. The issue has been fixed in FlagForge v2.3.2. GET, POST, UPDATE, and DELETE endpoints now require authentication. Authorization checks ensure only admins can access and modify badge templates. No reliable workarounds are available.

[CVE-2025-11342] [Modified: 14-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.