[14/03/2026 03:55] Quadro de Bolsonaro é grave - Correio Braziliense

[13/03/2026 18:54] Análise: Bravata de Lula com assessor de Trump foi calculada - Valor Econômico

[13/03/2026 22:04] Vorcaro se machucou dando socos na parede após STF manter prisão - Brasil 247

[13/03/2026 21:39] 'Eu vou participar das eleições', diz Haddad - Folha de S.Paulo

[13/03/2026 21:07] Trump ameaça “demolir” infraestrutura crucial para o petróleo na ilha iraniana de Kharg - Correio do Povo

[13/03/2026 19:23] PSD do Rio entra com representação no STJ contra Castro e Curi por suposto uso político da polícia - G1

[14/03/2026 07:50] Corpo encontrado em Jaboticatubas é de jovem levado por enxurrada em Sabará - Estado de Minas

[14/03/2026 05:30] Registros de trabalho escravo crescem 38,3% em um ano no Brasil - UOL Economia

[14/03/2026 06:04] PT prepara ofensiva contra Flávio para usá-la "no momento certo" - Poder360

[13/03/2026 21:54] Alerta severo em BH: veja imagens da tempestade que atinge a cidade nesta sexta (13) - Rádio Itatiaia

[CVE-2025-10018] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-11918] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

[CVE-2025-9982] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.5:HIGH] A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2024-21635] [Modified: 26-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. In versions up to and including 0.18.1, though, the bad actor will still have access to their account because the bad actor's Access Token stays on the list as a valid token. The user will have to manually delete the bad actor's Access Token to secure their account. The list of Access Tokens has a generic Description which makes it hard to pinpoint a bad actor in a list of Access Tokens. A known patched version of Memos isn't available. To improve Memos security, all Access Tokens will need to be revoked when a user changes their password. This removes the session for all the user's devices and prompts the user to log in again. One can treat the old Access Tokens as "invalid" because those Access Tokens were created with the older password.

[CVE-2025-13168] [Modified: 09-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. Upgrading to version 0.2.1 is able to mitigate this issue. Patch name: 063384e0dddfd191847cd2d6524c342cc380b058. It is suggested to upgrade the affected component. The vendor replied and reacted very professional.

[CVE-2024-42749] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script.

[CVE-2024-44630] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.

[CVE-2024-44632] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.

[CVE-2024-44633] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.

[CVE-2024-44635] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.

[CVE-2024-44636] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.

[CVE-2024-44639] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.

[CVE-2024-44640] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.

[CVE-2024-55016] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.

[CVE-2025-13169] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-64446] [Modified: 21-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.

[CVE-2025-13204] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.3:HIGH] npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.

[CVE-2025-13171] [Modified: 19-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

[CVE-2025-54339] [Modified: 19-11-2025] [Analyzed] [V3.1 S10.0:CRITICAL] An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.

[CVE-2025-54340] [Modified: 19-11-2025] [Analyzed] [V3.1 S4.1:MEDIUM] A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.