[CVE-2025-11046] [Modified: 07-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

[CVE-2025-11047] [Modified: 07-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-11048] [Modified: 07-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-36144] [Modified: 03-10-2025] [Analyzed] [V3.1 S3.3:LOW] IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.

[CVE-2025-59932] [Modified: 08-10-2025] [Analyzed] [V3.1 S8.6:HIGH] Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

[CVE-2025-59938] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0.

[CVE-2025-59939] [Modified: 06-10-2025] [Analyzed] [V3.1 S8.8:HIGH] WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply prepared statements, sanitization, and validation to the id_produto parameter. This issue has been patched in version 3.5.0.

[CVE-2025-59945] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.1:HIGH] SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

[CVE-2024-43192] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

[CVE-2025-36239] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-10498] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation when exporting CSV files. This makes it possible for unauthenticated attackers to delete those files granted they can trick an administrator into performing an action such as clicking on a link.

[CVE-2025-10499] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybe_opt_in() function. This makes it possible for unauthenticated attackers to opt an affected site into usage statistics collection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

[CVE-2025-11049] [Modified: 03-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.

[CVE-2025-10954] [Modified: 03-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range".

[CVE-2025-11050] [Modified: 03-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used.

[CVE-2025-11051] [Modified: 03-10-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely.

[CVE-2025-11052] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-11053] [Modified: 03-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-11054] [Modified: 03-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-11055] [Modified: 13-11-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.