[23/04/2026 17:06] Justiça autoriza prisão de MC Ryan SP, Poze do Rodo e dono da página Choquei - Revista Oeste

[23/04/2026 13:58] Kataguiri defende escala 6x1: ‘Trabalhador vai enxergar que foi enganado’ - Estado de Minas

[23/04/2026 12:29] Vereador de Nova Iguaçu, na Baixada Fluminense (RJ), morre depois de atentado a tiros - Revista Oeste

[23/04/2026 09:58] Laudo confirma que advogada encontrada morta em Praia do Leblon se afogou - Extra online

[23/04/2026 14:08] Gilmar Mendes: 'Master mora na Faria Lima, não na Praça dos Três Poderes' - Correio Braziliense

[23/04/2026 08:47] Governo Lula contraria PT e rejeita criação de estatal 'Terrabras' para explorar minerais críticos - G1

[23/04/2026 15:55] Projeto “Times Square” em SP avança e expõe alinhamento entre Tarcisio e Nunes - InfoMoney

[23/04/2026 15:17] "Acabei de coletar o meu DNA", anuncia relator da CPMI do INSS - O Antagonista

[23/04/2026 15:18] Minas Gerais se tornou campo minado para Flávio Bolsonaro, avaliam aliados do centrão - Estado de Minas

[23/04/2026 11:30] Feminicídio de modelo e morte de suspeito em cela: o que se sabe sobre o caso - Jovem Pan

[CVE-2025-36154] [Modified: 30-12-2025] [Analyzed] [V3.1 S6.2:MEDIUM] IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.

[CVE-2018-25139] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.5:HIGH] FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

[CVE-2018-25143] [Modified: 26-01-2026] [Analyzed] [V3.1 S8.8:HIGH] Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

[CVE-2018-25145] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.

[CVE-2018-25147] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.

[CVE-2018-25148] [Modified: 21-01-2026] [Analyzed] [V3.1 S8.8:HIGH] Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

[CVE-2019-25242] [Modified: 30-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.

[CVE-2019-25243] [Modified: 30-12-2025] [Analyzed] [V3.1 S8.8:HIGH] FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.

[CVE-2019-25253] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.5:HIGH] KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.

[CVE-2019-25258] [Modified: 09-01-2026] [Analyzed] [V3.1 S7.5:HIGH] LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.

[CVE-2025-68914] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.

[CVE-2025-68915] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.5:MEDIUM] Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.

[CVE-2025-68916] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.

[CVE-2025-15073] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15074] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-15075] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-15077] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-15078] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

[CVE-2025-32095] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.

[CVE-2025-32096] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.