[25/02/2026 15:19] Desembargador recua e condena homem de 35 anos por estupro de menina em MG - UOL Notícias

[24/02/2026 21:23] Supremo evita responder se vai investigar PF por abuso de poder - Poder360

[25/02/2026 12:23] Cargill foi abandonada pelo governo, diz advogada da empresa - Poder360

[25/02/2026 14:13] Frente fria reforça chuva em SC e Defesa Civil emite alerta de risco alto para três regiões - NSC Total

[25/02/2026 08:16] TRE-SP proíbe Marçal de frequentar bares, boates e casas de prostituição - CNN Brasil

[25/02/2026 06:08] Agronegócio é o maior vencedor em viagem de Lula à Coreia do Sul - Poder360

[25/02/2026 15:19] Flávio Bolsonaro: Anotações revelam apoio a Riedel e pedido milionário - Campo Grande News

[25/02/2026 15:53] Americano é deportado da Indonésia após matar a sogra e esconder corpo em mala durante viagem de luxo - G1

[24/02/2026 18:02] Rússia acusa Ucrânia de tentar obter arma nuclear com Reino Unido e França - CNN Brasil

[24/02/2026 22:48] EUA enviam caças furtivos F-22 para Israel em meio à tensão com o Irã - CNN Brasil

[CVE-2025-54604] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).

[CVE-2025-54605] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

[CVE-2025-12422] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-60355] [Modified: 08-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

[CVE-2025-60800] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

[CVE-2025-12423] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-12424] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-12425] [Modified: 07-11-2025] [Analyzed] [V3.1 S7.8:HIGH] Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-40843] [Modified: 14-11-2025] [Analyzed] [V3.1 S5.9:MEDIUM] CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.

[CVE-2025-59837] [Modified: 25-11-2025] [Analyzed] [V3.1 S7.2:HIGH] Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10.

[CVE-2025-11374] [Modified: 22-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

[CVE-2025-11375] [Modified: 22-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

[CVE-2025-43017] [Modified: 21-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

[CVE-2025-61598] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.

[CVE-2025-62800] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.

[CVE-2025-62801] [Modified: 04-11-2025] [Analyzed] [V3.1 S7.8:HIGH] FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.

[CVE-2025-62802] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.

[CVE-2025-64094] [Modified: 03-11-2025] [Analyzed] [V3.1 S6.4:MEDIUM] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. This vulnerability exists because of an incomplete fix for CVE-2025-48378. This vulnerability is fixed in 10.1.1.

[CVE-2025-64095] [Modified: 03-11-2025] [Analyzed] [V3.1 S10.0:CRITICAL] DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.

[CVE-2025-11702] [Modified: 03-11-2025] [Analyzed] [V3.1 S8.5:HIGH] GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.