[26/03/2026 11:29] Justiça italiana autoriza extradição da ex-deputada Carla Zambelli - Metrópoles

[26/03/2026 03:21] Tendência do STF é ajudar Alcolumbre e derrubar CPMI do INSS - Poder360

[26/03/2026 03:55] STF impõe freios à farra dos penduricalhos - Correio Braziliense

[26/03/2026 07:10] Israel mata comandante da Marinha do Irã, líder do bloqueio de Ormuz - Correio Braziliense

[26/03/2026 06:49] Trump diz que Irã 'tem medo' de admitir que está negociando; Teerã volta a negar conversas com EUA - BBC

[25/03/2026 20:59] Lula comete lapso ao falar sobre respeito do Brasil 'no mundo do crime' - Revista Oeste

[26/03/2026 10:51] ‘Nikolas mentiu pra você de novo’, diz Tabata - Estado de Minas

[26/03/2026 07:23] MP deflagra operação contra esquema de corrupção na Secretaria da Fazenda de São Paulo - Brasil 247

[26/03/2026 06:42] Acusados de matar cantora gospel Sara Freitas são condenados; penas variam de 28 a 34 anos de prisão - G1

[26/03/2026 07:57] Carreta despenca de ribanceira e interdita BR-381 - O TEMPO

[CVE-2025-50399] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.

[CVE-2025-50402] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.

[CVE-2025-63938] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.

[CVE-2025-65235] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.

[CVE-2025-65236] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.

[CVE-2025-65237] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.

[CVE-2025-65238] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.

[CVE-2025-65239] [Modified: 30-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.

[CVE-2025-11461] [Modified: 19-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

[CVE-2025-2486] [Modified: 19-12-2025] [Analyzed] [V3.1 S8.8:HIGH] The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

[CVE-2025-55469] [Modified: 05-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.

[CVE-2025-55471] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.

[CVE-2025-26155] [Modified: 30-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.

[CVE-2025-65669] [Modified: 03-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.

[CVE-2025-65672] [Modified: 05-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.

[CVE-2025-65675] [Modified: 05-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

[CVE-2025-65676] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

[CVE-2025-65681] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.3:LOW] An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.

[CVE-2025-65966] [Modified: 05-12-2025] [Analyzed] [V3.1 S8.1:HIGH] OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.

[CVE-2025-66028] [Modified: 05-12-2025] [Analyzed] [V3.1 S8.2:HIGH] OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, it is possible to gain access to the admin dashboard interface. However, an attacker may be unable to view or interact with the data if they still do not have sufficient permissions. This issue has been patched in version 8.0.5567.