[01/02/2026 00:10] O delegado do Senado que quer apurar tudo — doa a quem doer - Brazil Journal

[01/02/2026 17:03] Menino de cinco anos detido pelo ICE volta para casa - Jovem Pan

[31/01/2026 20:56] EUA advertem Irã sobre exercícios militares - Revista Oeste

[31/01/2026 18:57] Como Paulo Gonet virou despachante do STF - Revista Oeste

[31/01/2026 19:21] Chuva forte causa transtornos em vários pontos da cidade do Rio - O Dia

[01/02/2026 15:56] Enem: filho de doméstica e pedreiro é 1º colocado em medicina na USP - Estado de Minas

[31/01/2026 13:06] Os objetivos de Kassab nas eleições - Revista Oeste

[01/02/2026 00:00] O teste de Minneapolis: Mortes de americanos por agentes federais põem Trump e democracia dos EUA em xeque - O Globo

[01/02/2026 21:34] Nevasca histórica provoca mil colisões na Carolina do Norte, nos EUA - CNN Brasil

[01/02/2026 15:12] Protestos contrários ao ICE se espalham pelos EUA durante fim de semana - CNN Brasil

[CVE-2025-11282] [Modified: 07-10-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The affected component should be upgraded. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

[CVE-2025-11283] [Modified: 07-10-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

[CVE-2025-11285] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11286] [Modified: 09-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11287] [Modified: 09-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11288] [Modified: 07-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cate_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8406] [Modified: 30-10-2025] [Analyzed] [V3.1 S7.8:HIGH] ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.

[CVE-2025-11289] [Modified: 16-01-2026] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-11290] [Modified: 07-10-2025] [Analyzed] [V3.1 S5.6:MEDIUM] A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11292] [Modified: 07-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing manipulation of the argument wan_ipaddr can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11293] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11294] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11295] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11296] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11297] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11298] [Modified: 07-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11299] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11300] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11301] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-11302] [Modified: 07-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.