[25/04/2025 22:43] Fernando Collor está em presídio com "péssimas condições" e superlotado - NSC Total

[25/04/2025 17:29] Por maioria, STF condena Débora Rodrigues, que pichou estátua no 8/1, a 14 anos de prisão - G1

[25/04/2025 20:45] Veja fotos de Lula, Janja, Dilma e ministros no velório do papa - Poder360

[25/04/2025 20:26] Ataques de onças contra humanos são considerados raros; saiba como evitá-los - Folha de S.Paulo

[25/04/2025 18:22] Aposentados começam a receber devolução de descontos indevidos em maio - Correio Braziliense

[25/04/2025 19:44] Lula sanciona lei que autoriza tornozeleira para agressor de mulheres - UOL Notícias

[25/04/2025 17:00] TCE suspende concessão das rodovias do vetor Norte da Grande BH - Estado de Minas

[25/04/2025 13:56] Após piora, exames descartam complicações de Bolsonaro, diz novo boletim - UOL Notícias

[25/04/2025 19:45] O comentário que fez Hugo Motta bloquear a Associação dos Familiares e Vítimas do 8/1 - Revista Oeste

[25/04/2025 18:43] Concurso PF 2025: edital tem 192 vagas e salários de até R$ 11 mil - Correio Braziliense

[CVE-2024-12977] [Modified: 03-04-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-12978] [Modified: 18-02-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-12979] [Modified: 18-02-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

[CVE-2024-12980] [Modified: 18-02-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-56519] [Modified: 21-04-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.

[CVE-2024-56521] [Modified: 21-04-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

[CVE-2024-56522] [Modified: 17-04-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.

[CVE-2024-12981] [Modified: 05-03-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

[CVE-2024-12982] [Modified: 03-04-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-56527] [Modified: 17-04-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

[CVE-2024-12983] [Modified: 28-03-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

[CVE-2020-1818] [Modified: 10-01-2025] [Analyzed] [V3.1 S3.7:LOW] There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

[CVE-2020-1819] [Modified: 10-01-2025] [Analyzed] [V3.1 S3.7:LOW] There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

[CVE-2020-9080] [Modified: 10-01-2025] [Analyzed] [V3.1 S7.8:HIGH] There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.

[CVE-2020-9081] [Modified: 10-01-2025] [Analyzed] [V3.1 S3.5:LOW] There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

[CVE-2020-9082] [Modified: 14-01-2025] [Analyzed] [V3.1 S3.5:LOW] There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.

[CVE-2020-9085] [Modified: 13-01-2025] [Analyzed] [V3.1 S5.3:MEDIUM] There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.

[CVE-2020-9086] [Modified: 13-01-2025] [Analyzed] [V3.1 S4.3:MEDIUM] There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.

[CVE-2020-9089] [Modified: 13-01-2025] [Analyzed] [V3.1 S3.3:LOW] There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.

[CVE-2020-9210] [Modified: 13-01-2025] [Analyzed] [V3.1 S6.8:MEDIUM] There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.