Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-13287] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] SQL injection in itsourcecode Online Voting System 1.0. An unidentified function behind /index.php?page=categories uses the id/category argument in a query; manipulating that argument leads to SQL injection. The attack can be executed remotely, and a public exploit is available.

[CVE-2025-13288] [Modified: 19-11-2025] [Analyzed] [V3.1 S8.8:HIGH] Buffer overflow in Tenda CH22 1.0.0.1. The function fromPptpUserSetting, reached through /goform/PPTPUserSetting, copies the delno argument without adequate bounds; manipulating that argument leads to a buffer overflow. The attack can be carried out remotely, and a public exploit is available.

[CVE-2025-13289] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] SQL injection in 1000projects Design & Development of Student Database Management System 1.0. An unidentified function in /TeacherLogin/Academics/SubjectDetails.php uses the SubCode argument in a query; manipulating that argument results in SQL injection. The attack can be performed remotely, and a public exploit is available.

[CVE-2025-63708] [Modified: 20-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross-Site Scripting (XSS) in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) allows remote attackers to execute arbitrary JavaScript in victims' browsers. Font family names handled by the webfonts API are inserted into the page without sanitization. An attacker who can intercept or hook the fetch requests to the webfonts endpoint can return controlled font data whose family names carry a script payload, resulting in session cookie theft, account hijacking and actions performed on behalf of authenticated users. The exploitation path described is a fetch hook that returns attacker-controlled font data, so the injection point is the webfonts response rather than a request parameter: the attacker needs a position from which they control what that fetch returns.

[CVE-2025-63747] [Modified: 26-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] QaTraq 6.9.2 ships with an administrative account whose credentials are enabled in default installations and permit immediate login through the web application's login page. Because the account holds administrative privileges in the default configuration, anyone who can reach the login page can gain administrative access.

[CVE-2025-63748] [Modified: 26-11-2025] [Analyzed] [V3.1 S8.8:HIGH] QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature of the "Test Script" module. The application does not restrict file types, so an executable PHP file can be uploaded. Once uploaded, the file can be requested through the "View Attachment" option, which causes the server to execute the PHP payload. The authentication this requires is supplied by the default administrative account of CVE-2025-63747 above, so together the two issues give unauthenticated remote code execution on a default installation.
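The fix for an attachment feature like the one above is not a single check but three: an allow-list on the stored extension (checking every dot-separated segment, not just the last), a content check against the declared type, and serving the file as a download from a location the PHP handler never touches. The following is an added example written for this page, not QaTraq's code; the allowed types and the PHP extension list are assumptions for the illustration.

```python
# Added example, not QaTraq's code: the server-side checks an attachment
# handler needs so that nothing a user uploads can later run as PHP.
import os
import re
import secrets

# Extensions that common PHP-enabled web servers hand to the interpreter.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}

# Allow-list for a test-script attachment (assumed set), with the magic
# bytes each type must begin with; "txt" has none and must decode as UTF-8.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
    "txt": (),
}


def validate_attachment(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (True, extension) when the upload is acceptable, else (False, reason)."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "file needs a name and an extension"
    # Every segment after the name is checked, so shell.php.jpg is refused:
    # Apache's mod_mime can map a middle ".php" segment to the PHP handler.
    if any(seg in PHP_EXTENSIONS for seg in parts[1:]):
        return False, "server-side script extension"
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    magics = ALLOWED_TYPES[ext]
    if magics and not content.startswith(magics):
        return False, "content does not match extension"
    if not magics:
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            return False, "text attachment is not UTF-8"
    # Defence in depth against image polyglots later reached through an
    # include bug: a PHP open tag has no business in an attachment.
    if b"<?php" in content or b"<?=" in content:
        return False, "PHP open tag in content"
    return True, ext


def stored_name(ext: str) -> str:
    """Server-chosen random name; the client's filename never reaches disk."""
    return f"{secrets.token_hex(16)}.{ext}"


def download_headers(original_name: str) -> dict[str, str]:
    """Headers for 'View Attachment': force a download, never render or execute."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(original_name))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
    }
```

Write accepted files under the name from stored_name() into a directory outside the document root (or one where the web server has script execution disabled), and have the "View Attachment" handler stream the bytes with download_headers() rather than linking to the file directly; with that layout, even a PHP file that slipped past the allow-list would be delivered as an opaque download instead of being executed.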

[CVE-2025-63916] [Modified: 08-01-2026] [Analyzed] [V3.1 S8.1:HIGH] MyScreenTools v2.2.1.0 contains an OS command injection vulnerability in its GIF compression tool. User-supplied file paths are concatenated into a command line and passed to cmd.exe without sanitization, so an attacker who controls a path can execute arbitrary system commands with the privileges of the user running the application. The flaw is in the CMD() function in GIFSicleTool\Form_gif_sicle_tool.cs, which builds the shell command by string concatenation of the file paths and runs it through cmd.exe.
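The root cause is the shape of the call, not the missing filter: a command line built by concatenation is re-parsed by the shell, so any metacharacter in the path becomes syntax. The added example below (written for this page, not MyScreenTools' code) reproduces that pattern with `echo` standing in for the gifsicle binary and puts it next to the argv-list form that no shell ever parses. The breakout string targets /bin/sh so the block runs on a POSIX host; against cmd.exe the separator is `&` rather than `;`, and the equivalent C# fix is to start the tool directly through ProcessStartInfo with UseShellExecute = false and the path passed as its own argument instead of through `cmd.exe /c "..."`.

```python
# Added example, not MyScreenTools' code: the string-concatenation pattern
# the CMD() bug is described as using, reproduced with `echo` standing in
# for the gifsicle binary, beside the argv-list form that keeps a hostile
# path inert. The breakout string targets /bin/sh so the block runs on any
# POSIX host; against cmd.exe the separator would be "&" rather than ";".
import subprocess

# Constructed attacker-controlled "file path": the embedded double quote
# closes the path argument and ";" starts a second command.
HOSTILE_PATH = 'clip.gif"; echo INJECTED; echo "'


def compress_vulnerable(path: str) -> list[str]:
    """Build one command line by concatenation and let the shell parse it."""
    command = f'echo compress "{path}"'      # same shape as: cmd.exe /c tool "path"
    out = subprocess.run(command, shell=True, capture_output=True, text=True).stdout
    return out.splitlines()


def compress_hardened(path: str) -> list[str]:
    """Pass the path as a single argv element; no shell ever sees it."""
    argv = ["echo", "compress", path]
    out = subprocess.run(argv, capture_output=True, text=True).stdout
    return out.splitlines()


def looks_like_gif_path(path: str) -> bool:
    """Defence in depth only: reject paths carrying quotes, newlines or shell
    and cmd.exe metacharacters before they go anywhere. The argv form above is
    the real fix; a filter alone is not."""
    bad = set('"\'\n\r;&|`$<>^%')
    return path.lower().endswith(".gif") and not any(c in bad for c in path)
```

With the hostile path, compress_vulnerable() returns three lines (the second being the output of the injected command) while compress_hardened() returns one line containing the path verbatim; the filter in looks_like_gif_path() rejects the same input, but it is there to fail early on garbage, not to carry the security argument.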

[CVE-2025-64046] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.

[CVE-2024-44641] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.

[CVE-2024-44644] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.

[CVE-2024-44647] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.

[CVE-2024-44648] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.

[CVE-2024-44652] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.

[CVE-2024-46334] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.

[CVE-2024-46336] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.

[CVE-2025-13290] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] SQL injection in code-projects Simple Food Ordering System 1.0. Unidentified functionality in /saveorder.php uses the ID argument in a query; manipulating that argument leads to SQL injection. The attack can be launched remotely, and a public exploit is available.

[CVE-2025-58410] [Modified: 12-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Software running as a non-privileged user can issue improper GPU system calls to obtain write access to memory buffers that were exported read-only. The cause is improper handling of the memory protections on the buffer resource.

[CVE-2025-62519] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.2:HIGH] phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.
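Every SQL injection entry on this page (the VulDB items for the Online Voting System, the Student Database Management System and the Simple Food Ordering System, the PHPGurukul Small CRM and Kashipara Ecommerce parameters, and the phpMyFAQ configuration update) has the same shape: a request argument spliced into SQL text. The added example below, written for this page and not code from any of those projects, re-creates the change-password (oldpass) and quote-details (id) lookups from the PHPGurukul entries on an in-memory SQLite database, each once with string-built SQL and once parameterised. The table layout, the data and the two probe strings are constructed for the example.

```python
# Added example, not code from any project listed above: the change-password
# and quote-details lookups from the PHPGurukul entries re-created in
# Python on an in-memory SQLite database, each once with string-built SQL
# and once parameterised. Table layout and data are constructed for the example.
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("CREATE TABLE quotes (id INTEGER PRIMARY KEY, subject TEXT)")
    # Clear-text password only so that the exfiltration below is visible.
    db.execute("INSERT INTO users (username, password) VALUES ('alice', 'S3cret!')")
    db.execute("INSERT INTO quotes (subject) VALUES ('Website redesign')")
    db.commit()
    return db


# Constructed probes: a tautology for the quoted string context in
# change-password, and a UNION for the unquoted numeric context in quote-details.
BYPASS = "x' OR '1'='1"
UNION_PROBE = "1 UNION SELECT password FROM users"


def old_password_matches_vulnerable(db, user_id: int, oldpass: str) -> bool:
    """oldpass is spliced into the SQL text, so the database parses it as SQL."""
    sql = f"SELECT id FROM users WHERE id={user_id} AND password='{oldpass}'"
    return db.execute(sql).fetchone() is not None


def old_password_matches_fixed(db, user_id: int, oldpass: str) -> bool:
    """oldpass travels as a bound parameter and can only be compared as a value."""
    sql = "SELECT id FROM users WHERE id=? AND password=?"
    return db.execute(sql, (user_id, oldpass)).fetchone() is not None


def quote_details_vulnerable(db, quote_id: str) -> list[str]:
    """Numeric context without quotes: nothing to break out of, UNION works directly."""
    sql = f"SELECT subject FROM quotes WHERE id={quote_id}"
    return [row[0] for row in db.execute(sql)]


def quote_details_fixed(db, quote_id: str) -> list[str]:
    """Coerce to int first (anything that is not a number is refused), then bind."""
    try:
        qid = int(quote_id)
    except ValueError:
        return []
    return [row[0] for row in db.execute("SELECT subject FROM quotes WHERE id=?", (qid,))]
```

The PHP equivalents are mysqli prepared statements or PDO with bound parameters; note that the phpMyFAQ entry shows why the rule applies even to administrator-only code paths, since "privileged user with Configuration Edit" is a much weaker precondition than "database owner".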

[CVE-2025-63917] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.1:HIGH] The XML bookmark import function of the PDFPatcher executable, through version 1.1.3.4663, does not restrict XML external entity (XXE) references. It loads the file with .NET's XmlDocument class without disabling external entity resolution, so a crafted bookmark file can read arbitrary files from the victim's filesystem, exfiltrate data through out-of-band (OOB) HTTP requests, perform SSRF against internal network resources, or cause a denial of service through entity expansion.
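In the .NET code the fix is to load the document with XmlDocument.XmlResolver set to null, or through an XmlReader created with XmlReaderSettings whose DtdProcessing is Prohibit. The added example below, written for this page and not PDFPatcher's code, shows the same policy in Python's expat binding: a bookmark file has no legitimate need for a DOCTYPE, so the parser refuses one outright, which closes the external-entity, out-of-band and entity-expansion variants at the same point. The bookmark element layout and the three inputs are constructed for the example.

```python
# Added example, not PDFPatcher's code: loading an XML bookmark file through
# a parser that refuses any DTD, so external entities, out-of-band fetches
# and entity expansion never reach a resolver. The bookmark element layout
# (<bookmarks><bookmark title=".." page=".."/></bookmarks>) is assumed for
# the example, as are the three constructed inputs below.
import xml.parsers.expat


class UnsafeXml(ValueError):
    pass


def load_bookmarks(data: bytes) -> list[tuple[str, int]]:
    """Parse bookmarks; raise UnsafeXml the moment a DOCTYPE or external entity shows up."""
    parser = xml.parsers.expat.ParserCreate()
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    found: list[tuple[str, int]] = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Refusing the DOCTYPE is the simplest rule: it covers external
        # entities and internal "billion laughs" expansion alike, before
        # expat has read a single entity declaration.
        raise UnsafeXml(f"DOCTYPE refused (name={name!r}, system id={system_id!r})")

    def on_external_entity_ref(context, base, system_id, public_id):
        # Unreachable once DOCTYPEs are refused; kept as a second line of defence.
        raise UnsafeXml(f"external entity {system_id!r} refused")

    def on_start(name, attrs):
        if name == "bookmark":
            found.append((attrs.get("title", ""), int(attrs.get("page", "0"))))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity_ref
    parser.StartElementHandler = on_start
    parser.Parse(data, True)
    return found


def rejects(data: bytes) -> bool:
    """True when the parser refused the document as unsafe."""
    try:
        load_bookmarks(data)
    except UnsafeXml:
        return True
    return False


BENIGN = b"""<?xml version="1.0"?>
<bookmarks>
  <bookmark title="Cover" page="1"/>
  <bookmark title="Chapter 1" page="3"/>
</bookmarks>"""

# Classic XXE probe: the entity body would be read from the victim's disk
# and land in the bookmark title.
XXE_PROBE = b"""<?xml version="1.0"?>
<!DOCTYPE bookmarks [ <!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini"> ]>
<bookmarks><bookmark title="&xxe;" page="1"/></bookmarks>"""

# Two-level stub of the entity-expansion DoS: harmless at this size, but
# the same rule refuses it before any expansion takes place.
ENTITY_BOMB = b"""<?xml version="1.0"?>
<!DOCTYPE bookmarks [ <!ENTITY a "aaaaaaaaaa"> <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;"> ]>
<bookmarks><bookmark title="&b;" page="1"/></bookmarks>"""
```

Refusing the DOCTYPE is deliberately coarser than only disabling the resolver: it also stops the in-document expansion attack, which needs no external fetch at all and so is untouched by a null resolver on its own.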

[CVE-2025-63918] [Modified: 08-01-2026] [Analyzed] [V3.1 S6.2:MEDIUM] The PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal: an attacker can have arbitrary files written to arbitrary locations on disk.
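The check that closes a traversal bug like this one has to operate on resolved paths, not on the string the user typed: stripping ".." is bypassable, and a string-prefix comparison lets a sibling directory with the same prefix through. The added example below, written for this page and not PDFPatcher's code, confines a user-supplied output name to one base directory; it accepts both separator styles because the program is Windows software but the check is run here on a POSIX host.

```python
# Added example, not PDFPatcher's code: confining a user-supplied output
# name to one base directory before any file is written there.
import os
import tempfile


class PathRejected(ValueError):
    pass


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the absolute destination for user_path, or raise if it would leave base_dir."""
    if not user_path or "\x00" in user_path:
        raise PathRejected("empty or NUL-containing path")
    # The program is Windows software, so treat both separators as separators;
    # the check must not depend on which one the attacker chose to use.
    candidate = user_path.replace("\\", "/")
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        raise PathRejected("absolute paths and drive letters are not accepted")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, candidate))
    # Compare resolved paths: ".." segments and symlinks pointing out of base
    # are both collapsed by realpath, and commonpath (unlike a string-prefix
    # test) does not let /out2 pass for a base of /out.
    if os.path.commonpath([base, target]) != base:
        raise PathRejected(f"{user_path!r} resolves outside {base_dir}")
    return target


def is_confined(base_dir: str, user_path: str) -> bool:
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathRejected:
        return False


def demo_base() -> str:
    """A fresh scratch directory standing in for the tool's output folder."""
    return tempfile.mkdtemp(prefix="pdfpatcher_out_")
```

Call resolve_within() once, immediately before the open() that creates the output file, and write only to the path it returns; validating earlier and then re-joining the original string later reintroduces the bug.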