Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we'll do our best to help you.

[CVE-2024-56089] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.

[CVE-2025-63520] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).

[CVE-2025-63522] [Modified: 02-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function

[CVE-2025-63523] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

[CVE-2025-63526] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when the page is viewed.

[CVE-2025-63527] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hcity parameters, which are then executed in the victim's browser when the page is viewed.

[CVE-2025-63528] [Modified: 02-12-2025] [Analyzed] [V3.1 S8.5:HIGH] A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's browser when the page is viewed.

[CVE-2025-63529] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.

[CVE-2025-63531] [Modified: 02-12-2025] [Analyzed] [V3.1 S10.0:CRITICAL] A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

[CVE-2025-64030] [Modified: 29-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Eximbills Enterprise 4.1.5 (Built on 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript execution in their browsers.

[CVE-2024-32384] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device.

[CVE-2024-32388] [Modified: 23-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected.

[CVE-2024-39148] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.1:HIGH] The wmp-agent service of KerOS prior to 5.12 does not properly validate so-called 'magic URLs', allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over the network. Typically, the service is protected by a local firewall.

[CVE-2024-48882] [Modified: 05-12-2025] [Analyzed] [V3.1 S8.6:HIGH] A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

[CVE-2024-48894] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.9:MEDIUM] A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

[CVE-2024-49572] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

[CVE-2024-53684] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.5:HIGH] A cross-site request forgery (CSRF) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to trigger this vulnerability.

[CVE-2025-11699] [Modified: 19-12-2025] [Analyzed] [V3.1 S7.1:HIGH] nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.

[CVE-2025-20085] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

[CVE-2025-23417] [Modified: 05-12-2025] [Analyzed] [V3.1 S8.6:HIGH] A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.