[11/02/2026 09:10] Comissão do Senado se reúne nesta quarta com PF e presidente do STF - Correio Braziliense

[11/02/2026 10:33] Piloto da Latam foi preso após voltar de "lua de mel"; veja o que se sabe - CNN Brasil

[11/02/2026 06:56] Corte de Roma nega pedido e mantém juízas no caso de Zambelli - Revista Oeste

[11/02/2026 06:47] Daniela Lima: Por penduricalhos, entidades de classe iniciam périplo no Supremo - UOL Notícias

[11/02/2026 12:55] Lula passa por cauterização para remover excesso de pele do couro cabeludo - CNN Brasil

[11/02/2026 08:50] Menina é estuprada no Rio por sete pessoas após ordem do ‘tribunal do tráfico’, diz polícia - Jovem Pan

[11/02/2026 09:43] Sisu 2026: instituições iniciam convocação da lista de espera — Ministério da Educação - www.gov.br

[11/02/2026 16:41] Rio atmosférico vai reforçar instabilidade e favorecer chuva forte e temporais - MetSul Meteorologia

[10/02/2026 18:38] Lula posa com prefeitos do PL e diz respeitar voto popular - Revista Oeste

[11/02/2026 09:28] Rússia diz que continuará a limitar arsenal nuclear se EUA 'fizerem o mesmo' - UOL Notícias

[CVE-2025-11736] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

[CVE-2025-8459] [Modified: 22-10-2025] [Analyzed] [V3.1 S7.7:HIGH] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.

[CVE-2025-54273] [Modified: 14-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54274] [Modified: 14-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54275] [Modified: 14-10-2025] [Analyzed] [V3.1 S5.5:MEDIUM] Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54280] [Modified: 14-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-34267] [Modified: 27-10-2025] [Analyzed] [V3.1 S9.9:CRITICAL] Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate CVE-2025-26319 by the developers and should be considered distinct from that identifier.

[CVE-2025-54276] [Modified: 17-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54281] [Modified: 17-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54282] [Modified: 17-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54283] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-54284] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-59429] [Modified: 20-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and is available by default on version 16 via any bound IP address at port 8088. By default on version 17, the binding is only to localhost IP, making it significantly less vulnerable. The vulnerability can be exploited by unauthenticated attackers to obtain cookies from logged-in users, allowing them to hijack a session of an administrative user. The theft of admin session cookies allows attackers to gain control over the FreePBX admin interface, enabling them to access sensitive data, modify system configurations, create backdoor accounts, and cause service disruption. This issue has been patched in version 16.0.68.39 for FreePBX 16 and version 17.0.18.38 for FreePBX 17.

[CVE-2025-61798] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61799] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61800] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61801] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61802] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61803] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

[CVE-2025-61805] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.