[28/04/2026 07:00] Atlas Bloomberg: Lula empata com Flávio, Jair e Zema em eventual 2º turno - CNN Brasil

[28/04/2026 04:00] Às vésperas de sabatina de Messias, governo empenha R$ 12 bilhões em emendas em abril - G1

[27/04/2026 20:32] Ataque israelense mata dois brasileiros no Líbano, diz Itamaraty - CartaCapital

[28/04/2026 07:38] Frio congelante coloca mais de 120 cidades do Sul do Brasil em perigo - NSC Total

[27/04/2026 18:25] Polícia prende aliado de traficante Peixão em hospital no Centro do Rio - O GLOBO

[27/04/2026 06:04] Frentes querem transformar escala 6 X 1 em nova reforma trabalhista - Poder360

[27/04/2026 22:44] Secretário de Estado de Educação de Minas Gerais é exonerado do cargo - Estado de Minas

[26/04/2026 16:50] PT, PV e PCdoB acionam TSE contra perfil de IA que faz críticas à esquerda - CNN Brasil

[27/04/2026 22:08] Ex-vereadora do Rio Luciana Novaes tem protocolo de morte cerebral acionado - Extra online

[27/04/2026 16:20] “Não vejo Lula nem Flávio ganhando a eleição”, diz Kassab - Poder360

[CVE-2025-15177] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15225] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.5:HIGH] WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.

[CVE-2025-15226] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

[CVE-2025-15178] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

[CVE-2025-15179] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-15227] [Modified: 31-12-2025] [Analyzed] [V3.1 S7.5:HIGH] BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

[CVE-2025-15228] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

[CVE-2025-15180] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

[CVE-2025-15181] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

[CVE-2025-15182] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-15183] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-15184] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

[CVE-2025-15185] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

[CVE-2025-15186] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-15189] [Modified: 30-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

[CVE-2025-15190] [Modified: 30-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-15191] [Modified: 30-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

[CVE-2025-57460] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.

[CVE-2025-15192] [Modified: 30-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-15193] [Modified: 30-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.