[03/04/2025 15:42] Autópsia obrigatória em caso de mortes, uso de câmeras: STF estabelece critérios para operações policiais em favelas no RJ - G1

[03/04/2025 13:52] Responderemos a qualquer tentativa de protecionismo, diz Lula - Poder360

[03/04/2025 14:54] Projeto que anistia condenados do 8 de janeiro começa tramitar na Câmara - Estado de Minas

[03/04/2025 15:09] Aposentados e pensionistas do INSS terão o 13º salário antecipado para abril e maio - www.gov.br

[03/04/2025 18:14] Felipe Neto anuncia pré-candidatura à presidência - Correio Braziliense

[03/04/2025 14:51] Temporal atinge o litoral de São Paulo com 100mm de chuva, raios e ventos de até 100 km/h - A Tribuna

[03/04/2025 19:06] Cenário de perigo por enchentes e deslizamentos na Região Sudeste - MetSul Meteorologia

[03/04/2025 14:53] Anvisa proíbe suplementos alimentares com ora-pro-nóbis - Correio do Povo

[03/04/2025 15:09] Queda na popularidade de Lula é responsabilidade de todos os ministros, diz Sidônio – Política - CartaCapital

[03/04/2025 17:32] MP/SP denuncia juiz aposentado acusado de falsa identidade por 40 anos - Migalhas

[CVE-2024-12182] [Modified: 10-12-2024] [Analyzed] [V3.1 S3.5:LOW] A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-12183] [Modified: 10-12-2024] [Analyzed] [V3.1 S3.5:LOW] A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2018-9397] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9398] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9399] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9400] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9402] [Modified: 19-12-2024] [Analyzed] [V3.1 S7.8:HIGH] In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel.

[CVE-2018-9403] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9404] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9407] [Modified: 19-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.

[CVE-2018-9408] [Modified: 19-12-2024] [Analyzed] [V3.1 S4.4:MEDIUM] In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9416] [Modified: 18-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9439] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9462] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2018-9463] [Modified: 19-12-2024] [Analyzed] [V3.1 S6.7:MEDIUM] In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

[CVE-2024-12185] [Modified: 10-12-2024] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

[CVE-2024-12186] [Modified: 10-12-2024] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

[CVE-2024-12187] [Modified: 10-12-2024] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-12188] [Modified: 10-12-2024] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-11420] [Modified: 03-02-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.