[06/03/2026 08:34] Rússia ajudou Irã a localizar alvos dos EUA atacados no Oriente Médio, diz jornal - G1

[06/03/2026 11:20] Réu por morte do advogado Rodrigo Crespo diz que foi contratado por marido traído - G1

[05/03/2026 20:02] Ministros do STF querem Toffoli sem julgar o caso Master - Diário do Poder - Diário do Poder

[05/03/2026 21:21] Bases de interceptores dos EUA são atingidas na Jordânia e EAU - CNN Brasil

[06/03/2026 16:16] Governo Trump autoriza venda de ouro da Venezuela aos Estados Unidos - G1

[06/03/2026 07:39] Entenda elos de Lulinha com escândalo do INSS e o que se sabe até agora - Estado de Minas

[06/03/2026 04:30] Lula inaugura no Rio túnel que vai desafogar trânsito na Zona Oeste; saiba onde fica - Extra online

[06/03/2026 13:39] Polícia dos EUA mata brasileiro com quatro tiros após família pedir ajuda a serviço de saúde mental - Estadão

[06/03/2026 16:06] Personal que ficou com 80% do corpo queimado após explosão morre no PR - UOL Notícias

[06/03/2026 05:45] Caso Epstein: mulher diz ter sido violentada por Trump na adolescência; veja o que revelam novos documentos - O Globo

[CVE-2024-25621] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.3:HIGH] containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

[CVE-2025-22397] [Modified: 21-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

[CVE-2025-31133] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.8:HIGH] runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.

[CVE-2025-60541] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.

[CVE-2025-63551] [Modified: 04-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the server to initiate an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or the retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.

[CVE-2022-50589] [Modified: 24-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

[CVE-2022-50590] [Modified: 24-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.

[CVE-2022-50591] [Modified: 24-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.

[CVE-2022-50592] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.2:HIGH] Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

[CVE-2022-50593] [Modified: 08-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

[CVE-2022-50594] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, included clear text passwords.

[CVE-2022-50595] [Modified: 24-11-2025] [Analyzed] [V3.1 S7.2:HIGH] Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.

[CVE-2022-50596] [Modified: 28-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within the SetDest/Dest/Target arguments to the GetDeviceSettings form. The management interface is accessible over HTTP and HTTPS on the local and Wi-Fi networks and optionally from the Internet.

[CVE-2025-34236] [Modified: 28-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

[CVE-2025-34237] [Modified: 28-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

[CVE-2025-34238] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access.

[CVE-2025-34239] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename.

[CVE-2025-34240] [Modified: 28-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

[CVE-2025-34241] [Modified: 28-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

[CVE-2025-34242] [Modified: 28-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.