[17/02/2026 07:39] Khamenei diz que Trump não conseguirá derrubá-lo e ameaça afundar porta-aviões dos EUA - G1

[17/02/2026 08:19] Enchente em Guarulhos arrasta mulher e deixa pessoas ilhadas - Jovem Pan

[17/02/2026 12:48] Carnaval de BH é destaque na mídia internacional - Estado de Minas

[17/02/2026 10:02] Navio atinge balsas no Porto de Santos e tripulantes pulam no mar - Jovem Pan

[17/02/2026 10:26] Se depender de Alcolumbre, não vai ter impeachment no STF - O Antagonista

[17/02/2026 09:07] Colisão entre van e caminhão deixa 5 mortos no DF - Correio Braziliense

[17/02/2026 13:20] Hang publica foto de família em ‘lata de conserva’ para criticar desfile de Carnaval - ND Mais

[17/02/2026 10:58] Chuva banha 48 cidades do Ceará nesta terça (17) de Carnaval; Paracuru registra o maior volume - Diário do Nordeste

[16/02/2026 17:46] Carnaval de BH: mulheres héteros estão no ‘mapa da fome’, brinca foliona - O TEMPO

[16/02/2026 16:41] Caso Master: defesa de Vorcaro avalia pedir nulidade de processo após troca de relator no STF - O Globo

[CVE-2025-11979] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

[CVE-2025-47900] [Modified: 28-10-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

[CVE-2025-47901] [Modified: 28-10-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

[CVE-2025-47902] [Modified: 28-10-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

[CVE-2025-55086] [Modified: 24-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read.

[CVE-2025-62509] [Modified: 04-12-2025] [Analyzed] [V3.1 S8.1:HIGH] FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs server-side, avoid creating top-level folders named after other usernames, and adding server-side checks that verify ownership before delete/rename/move.

[CVE-2025-62510] [Modified: 04-12-2025] [Analyzed] [V3.1 S8.1:HIGH] FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.

[CVE-2025-62527] [Modified: 30-10-2025] [Analyzed] [V3.1 S7.1:HIGH] Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

[CVE-2025-62528] [Modified: 30-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0.

[CVE-2025-8048] [Modified: 28-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2.

[CVE-2025-8049] [Modified: 28-10-2025] [Analyzed] [V3.1 S8.8:HIGH] Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2.

[CVE-2025-8051] [Modified: 28-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.  The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.

[CVE-2025-8052] [Modified: 28-10-2025] [Analyzed] [V3.1 S8.8:HIGH] SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2.

[CVE-2025-8053] [Modified: 28-10-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2.

[CVE-2025-60781] [Modified: 22-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.

[CVE-2025-60783] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings.

[CVE-2025-12001] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-54764] [Modified: 31-10-2025] [Analyzed] [V3.1 S6.2:MEDIUM] Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

[CVE-2025-6541] [Modified: 24-10-2025] [Analyzed] [V3.1 S8.8:HIGH] An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

[CVE-2025-6542] [Modified: 24-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.