[26/04/2026 18:36] O que se sabe sobre Cole Allen, atirador do jantar de Trump - Poder360

[26/04/2026 10:32] Dino defende penas mais altas e perda automática de cargo para integrantes do Judiciário em casos de corrupção - G1

[26/04/2026 18:55] PT fala em ser “antissistema” e quer colar Bolsonaro à velha política - Poder360

[26/04/2026 18:30] Quem era estudante de medicina catarinense morta a facadas no Paraguai - Correio Braziliense

[26/04/2026 13:01] Zema mira Moraes, Gilmar e a ‘farra dos jatinhos’ em novo vídeo - Revista Oeste

[26/04/2026 13:36] 6x1: Veja quais profissões podem ficar de fora se redução for aprovada - CNN Brasil

[26/04/2026 22:24] Flamengo castiga Atlético-MG na Arena MRV e chega à quarta vitória seguida - CNN Brasil

[26/04/2026 17:17] Magnata albanês procurado internacionalmente é preso em Ilhabela (SP) - CNN Brasil

[26/04/2026 14:19] Zema diz que vai privatizar Petrobras e Banco do Brasil: ‘Plano implacável’ - Estado de Minas

[26/04/2026 13:54] Alckmin lança linha de R$ 10 bilhões para modernizar máquinas agrícolas no Brasil - Brasil 247

[CVE-2025-15118] [Modified: 07-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

[CVE-2025-15119] [Modified: 07-01-2026] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15120] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15121] [Modified: 30-12-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15122] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15123] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15124] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15125] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15126] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15127] [Modified: 08-03-2026] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15131] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

[CVE-2025-15132] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

[CVE-2025-15133] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

[CVE-2025-15136] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15137] [Modified: 07-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934  of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15138] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15139] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15145] [Modified: 07-01-2026] [Analyzed] [V3.1 S2.4:LOW] A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

[CVE-2025-15146] [Modified: 07-01-2026] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

[CVE-2025-15150] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is only possible with local access. The patch is identified as 338595edd1d235efd885fd5e9f45e7f9dcf4013d. It is best practice to apply a patch to resolve this issue.