[29/03/2026 07:48] Mais 3.500 fuzileiros navais dos EUA chegam ao Oriente Médio e Irã diz estar 'aguardando' tropas americanas para atacá-las - BBC

[29/03/2026 08:18] Maduro diz que está 'bem' em primeira mensagem publicada da prisão - G1

[28/03/2026 15:17] Douglas Ruas defende eleição direta e diz que disputará governo-tampão no RJ - Diário do Rio

[29/03/2026 11:25] Flávio Bolsonaro: Brasil é solução para os EUA ter minerais de terras raras - em.com.br

[29/03/2026 08:36] Polícia de Israel impede Patriarcado Latino de Jerusalém de celebrar missa de Domingo de Ramos: 'Primeira vez em séculos' - oglobo.globo.com

[29/03/2026 08:22] Papa diz que Deus rejeita orações de líderes que fazem guerras - Folha de S.Paulo

[29/03/2026 12:48] Major aposentado da PM é preso em SP por morder e tentar estrangular mulher - UOL Notícias

[29/03/2026 07:32] Vai chover em BH neste domingo (29/3)? Confira a previsão do tempo - em.com.br

[29/03/2026 07:29] Vídeo: homens ateiam fogo em biblioteca comunitária, em BH - Rádio Itatiaia

[28/03/2026 11:07] Após recuo do Chile, Lula diz que mantém apoio a Bachelet como secretária-geral da ONU - Jovem Pan

[CVE-2025-66422] [Modified: 04-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

[CVE-2025-66423] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

[CVE-2025-66424] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

[CVE-2025-13782] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13783] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument ids results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13784] [Modified: 06-12-2025] [Analyzed] [V3.1 S2.4:LOW] A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13785] [Modified: 06-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13786] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13787] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component.

[CVE-2025-13788] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13789] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component.

[CVE-2025-13790] [Modified: 04-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13791] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13797] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13798] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13799] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13800] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13806] [Modified: 30-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation of the argument from/to/wei leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

[CVE-2025-13807] [Modified: 04-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13808] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.