[28/04/2026 13:41] Damares diz que oposição votará contra Messias - Poder360

[28/04/2026 16:06] Motta anuncia presidente e relator do fim da escala 6×1 na comissão especial - CartaCapital

[28/04/2026 19:14] PF investiga entrada de malas sem passar pelo raio-x em voo de jatinho de dono de bets com Hugo Motta e Ciro Nogueira; veja fotos - O GLOBO

[28/04/2026 14:24] Constantino sobre Cleitinho: ‘Fio desencapado, sem preparo’ - Estado de Minas

[28/04/2026 14:45] Família de Moraes vai à Justiça contra Alessandro Vieira por danos morais - CartaCapital

[28/04/2026 22:58] Homem é morto a tiros em tentativa de assalto em São Cristóvão enquanto dirigia com o filho de 7 anos - O GLOBO

[28/04/2026 17:09] Moraes diz que parlamentares ‘querem likes’ ao atacar STF: ‘Eleitor não quer essa histeria’ - R7

[28/04/2026 16:59] Acordo entre Mercosul e União Europeia é oficializado e passa a valer em 1º de maio - G1

[28/04/2026 20:35] Agente dos EUA que atua no Brasil recebe credenciais da PF de volta - CNN Brasil

[28/04/2026 20:20] TSE retoma julgamento que pode tornar Denarium inelegível Siga no YouTube - Metrópoles

[CVE-2025-15284] [Modified: 26-02-2026] [Analyzed] [V3.1 S3.7:LOW] Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly. Details The arrayLimit option only checked limits for indexed notation (a[0]=1&a[1]=2) but did not enforce it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoC const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Note on parameterLimit interaction: The original advisory's "DoS demonstration" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000. Impact Consistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.

[CVE-2025-68120] [Modified: 06-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

[CVE-2025-69234] [Modified: 13-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.

[CVE-2025-69235] [Modified: 13-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.

[CVE-2025-15215] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15216] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-15229] [Modified: 07-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15232] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

[CVE-2025-15102] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] DVP-12SE11T - Password Protection Bypass

[CVE-2025-15103] [Modified: 06-01-2026] [Analyzed] [V3.1 S8.1:HIGH] DVP-12SE11T - Authentication Bypass via Partial Password Disclosure

[CVE-2025-15358] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] DVP-12SE11T - Denial of Service Vulnerability

[CVE-2025-15359] [Modified: 05-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] DVP-12SE11T - Out-of-bound memory write Vulnerability

[CVE-2025-69092] [Modified: 29-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.3.

[CVE-2023-54207] [Modified: 26-02-2026] [Analyzed] [V3.1 S7.8:HIGH] In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management. Use devm_kasprintf to simplify the logic for allocating memory and formatting the input_dev name string.

[CVE-2023-54285] [Modified: 26-02-2026] [Analyzed] [V3.1 S7.8:HIGH] In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_index() returns an unsigned long value which left shifted by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead use folio_pos(folio) + folio_size(folio), which does this correctly.

[CVE-2023-54321] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in device_add() I got the following null-ptr-deref report while doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 CPU: 2 PID: 278 Comm: 37-i2c-ds2482 Tainted: G B W N 6.1.0-rc3+ RIP: 0010:klist_put+0x2d/0xd0 Call Trace: <TASK> klist_remove+0xf1/0x1c0 device_release_driver_internal+0x196/0x210 bus_remove_device+0x1bd/0x240 device_add+0xd3d/0x1100 w1_add_master_device+0x476/0x490 [wire] ds2482_probe+0x303/0x3e0 [ds2482] This is how it happened: w1_alloc_dev() // The dev->driver is set to w1_master_driver. memcpy(&dev->dev, device, sizeof(struct device)); device_add() bus_add_device() dpm_sysfs_add() // It fails, calls bus_remove_device. // error path bus_remove_device() // The dev->driver is not null, but driver is not bound. __device_release_driver() klist_remove(&dev->p->knode_driver) <-- It causes null-ptr-deref. // normal path bus_probe_device() // It's not called yet. device_bind_driver() If dev->driver is set, in the error path after calling bus_add_device() in device_add(), bus_remove_device() is called, then the device will be detached from driver. But device_bind_driver() is not called yet, so it causes null-ptr-deref while access the 'knode_driver'. To fix this, set dev->driver to null in the error path before calling bus_remove_device().

[CVE-2025-15252] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

[CVE-2025-15253] [Modified: 02-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-61557] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.5:HIGH] nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.

[CVE-2025-64528] [Modified: 20-02-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.