  1. [BRL] BRL 385,017.69 [USD] USD 77,312.79 [GBP] GBP 57,167.09 [EUR] EUR 65,672.34
    Price index provided by blockchain.info.
  2. Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release.
    If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2019-25228] [Modified: 24-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/image loading.

[CVE-2019-25229] [Modified: 24-12-2025] [Analyzed] [V3.1 S8.8:HIGH] An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized file uploads.

[CVE-2019-25230] [Modified: 24-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.

[CVE-2020-36890] [Modified: 24-12-2025] [Analyzed] [V3.1 S7.2:HIGH] An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

[CVE-2021-47711] [Modified: 24-12-2025] [Analyzed] [V3.1 S8.8:HIGH] A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses.

[CVE-2021-47712] [Modified: 24-12-2025] [Analyzed] [V3.1 S7.5:HIGH] A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.

[CVE-2022-50682] [Modified: 24-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks.

[CVE-2023-53934] [Modified: 24-12-2025] [Analyzed] [V3.1 S7.5:HIGH] A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.

[CVE-2023-53937] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.8:HIGH] Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.

[CVE-2023-53938] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in the database, collection, and login parameters to execute arbitrary JavaScript in the victim's browser.

[CVE-2023-53939] [Modified: 24-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.

[CVE-2023-53941] [Modified: 26-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

[CVE-2023-53942] [Modified: 31-12-2025] [Analyzed] [V3.1 S8.8:HIGH] File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.

[CVE-2023-53943] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

[CVE-2023-53944] [Modified: 26-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.

[CVE-2024-58317] [Modified: 24-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

[CVE-2024-58320] [Modified: 24-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details.

[CVE-2025-65566] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report handler dereferences a nil pointer instead of rejecting the malformed message. This triggers a panic and terminates the UPF process. An attacker who can send PFCP Session Report Response messages to the UPF's N4/PFCP endpoint can exploit this flaw to repeatedly crash the UPF and disrupt user-plane services.

[CVE-2025-67163] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.

[CVE-2025-14848] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.