
[CVE-2025-13295] [Modified: 12-02-2026] [Analyzed] [V3.1 S7.5:HIGH] Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.9.

[CVE-2025-41013] [Modified: 03-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

[CVE-2025-41014] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.5:HIGH] User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

[CVE-2025-41015] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.5:HIGH] User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.

[CVE-2025-41066] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.

[CVE-2025-41086] [Modified: 03-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.

[CVE-2025-65858] [Modified: 23-12-2025] [Analyzed] [V3.1 S3.5:LOW] A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field during user creation. The payload is stored unsanitized and later executed when the /ajax/listusers endpoint is accessed.

[CVE-2025-13505] [Modified: 30-01-2026] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34 before 2.14.0.6.

[CVE-2025-13876] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-59693] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

[CVE-2025-59694] [Modified: 15-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.

[CVE-2025-59695] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

[CVE-2025-59696] [Modified: 08-12-2025] [Analyzed] [V3.1 S3.2:LOW] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.

[CVE-2025-59697] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

[CVE-2025-59698] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

[CVE-2025-59699] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.

[CVE-2025-59701] [Modified: 08-12-2025] [Analyzed] [V3.1 S4.1:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).

[CVE-2025-59702] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.

[CVE-2025-59705] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.

[CVE-2025-13372] [Modified: 12-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.