[01/04/2025 20:19] Senado aprova Lei da Reciprocidade após manobra de Randolfe - Gazeta do Povo

[01/04/2025 15:17] Por anistia, bancada do PL obstrui trabalhos na Câmara; CCJ é suspensa - Valor Econômico

[01/04/2025 17:48] Paraguai suspende negociação com Brasil sobre Itaipu - Poder360

[01/04/2025 14:15] Senador democrata bate recorde com discurso de mais de 25 horas contra Trump – Mundo - CartaCapital

[01/04/2025 19:20] PGR pede prisão de primo de Carluxo - O Antagonista

[01/04/2025 19:54] Em greve nacional, entregadores brecam saída de pedidos em shoppings na capital paulista - Brasil de Fato

[01/04/2025 16:53] Zema revoga aumento do ICMS sobre produtos importados - Estado de Minas

[01/04/2025 19:06] Quem era o arquiteto que morreu após atropelar ladrão em SP - CNN Brasil

[01/04/2025 20:01] Segundo episódio de instabilidade trará chuva e risco de novos temporais - MetSul Meteorologia

[01/04/2025 13:55] Botafogo publica manifesto pela democracia no Brasil: ‘Ditadura nunca mais’ - FogãoNET

[CVE-2018-9441] [Modified: 18-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

[CVE-2018-9449] [Modified: 18-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2024-8748] [Modified: 21-01-2025] [Analyzed] [V3.1 S7.5:HIGH] A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

[CVE-2024-9197] [Modified: 21-01-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

[CVE-2024-9200] [Modified: 21-01-2025] [Analyzed] [V3.1 S7.2:HIGH] A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

[CVE-2024-10484] [Modified: 07-02-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-49410] [Modified: 10-02-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

[CVE-2024-49411] [Modified: 10-02-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

[CVE-2024-49413] [Modified: 10-02-2025] [Analyzed] [V3.1 S7.1:HIGH] Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

[CVE-2024-49414] [Modified: 10-02-2025] [Analyzed] [V3.1 S2.4:LOW] Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

[CVE-2024-49415] [Modified: 10-02-2025] [Analyzed] [V3.1 S8.1:HIGH] Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

[CVE-2024-9058] [Modified: 29-01-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-11782] [Modified: 10-02-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-12062] [Modified: 27-03-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

[CVE-2024-47476] [Modified: 03-02-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

[CVE-2024-10074] [Modified: 11-12-2024] [Analyzed] [V3.1 S8.8:HIGH] in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.

[CVE-2024-12082] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

[CVE-2024-42422] [Modified: 03-02-2025] [Analyzed] [V3.1 S8.3:HIGH] Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

[CVE-2024-9978] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

[CVE-2021-29892] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.