[13/03/2026 12:12] Lula diz que assessor do governo Trump só vai poder entrar no Brasil se Padilha puder entrar nos EUA - G1

[13/03/2026 09:00] Bolsonaro é levado ao hospital após passar mal na Papudinha, diz Flávio - Correio Braziliense

[13/03/2026 11:47] Caso Master: STF forma maioria para manter prisão de Vorcaro após PF apontar 'braço armado' contra adversários - O Globo

[13/03/2026 08:03] SBT conversará com Ratinho sobre Erika Hilton e estuda o que fazer com apresentador - UOL

[13/03/2026 08:27] Corpo esquartejado é de corretora gaúcha desaparecida em Florianópolis, confirma família - ND Mais

[13/03/2026 09:42] As intenções de voto de Lula e Flávio Bolsonaro em Minas Gerais, segundo nova pesquisa - CartaCapital

[13/03/2026 10:09] Paciente cai do teto de hospital em Caxias - O Dia

[13/03/2026 07:31] Incêndio atinge loja no Shopping Recife nesta sexta (13); administração diz que ninguém se feriu - Folha PE

[12/03/2026 23:09] Entidades de imprensa criticam decisão de Moraes contra jornalista; Dino rebate - Correio Braziliense

[13/03/2026 06:21] Cinco vereadores são presos em operação da PF que investiga organização criminosa; saiba mais - Bnews

[CVE-2025-13117] [Modified: 25-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13118] [Modified: 25-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-13119] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.

[CVE-2025-30662] [Modified: 09-01-2026] [Analyzed] [V3.1 S6.6:MEDIUM] Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

[CVE-2025-30669] [Modified: 13-01-2026] [Analyzed] [V3.1 S4.8:MEDIUM] Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

[CVE-2025-62482] [Modified: 13-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

[CVE-2025-62483] [Modified: 13-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

[CVE-2025-64738] [Modified: 13-01-2026] [Analyzed] [V3.1 S5.0:MEDIUM] External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.

[CVE-2025-64739] [Modified: 13-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

[CVE-2025-64740] [Modified: 13-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

[CVE-2025-64741] [Modified: 13-01-2026] [Analyzed] [V3.1 S8.1:HIGH] Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

[CVE-2025-52186] [Modified: 09-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Lichess lila before commit 11b4c0fb00f0ffd823246f839627005459c8f05c (2025-06-02) contains a Server-Side Request Forgery (SSRF) vulnerability in the game export API. The players parameter is passed directly to an internal HTTP client without validation, allowing remote attackers to force the server to send HTTP requests to arbitrary URLs

[CVE-2025-60682] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.

[CVE-2025-60683] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device.

[CVE-2025-60684] [Modified: 24-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

[CVE-2025-60685] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.1:MEDIUM] A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.

[CVE-2025-60686] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.1:MEDIUM] A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.

[CVE-2025-60687] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication.

[CVE-2025-60688] [Modified: 19-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.

[CVE-2025-60689] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.