[14/04/2026 14:21] Gilmar reage a relatório e acusa CPI do Crime Organizado de extrapolar funções - Correio Braziliense

[14/04/2026 17:00] EUA divulgam foto de Ramagem após ser preso pelo ICE; veja imagem - O Globo

[14/04/2026 06:03] Todos precisam ceder, diz CEO do iFood sobre regular trabalho por app - Poder360

[14/04/2026 08:28] Estudantes de Direito se divertem dando choques em homem em situação de rua - Revista Fórum

[14/04/2026 11:13] Lula reafirma candidatura após especulação sobre desistência e fala em 'compromisso cristão' - Folha de S.Paulo

[14/04/2026 03:46] Petroleiro chinês atravessa o Estreito de Ormuz apesar do bloqueio dos EUA - CNN Brasil

[14/04/2026 16:26] Lula sanciona novo Plano Nacional de Educação sem homeschooling - UOL Notícias

[14/04/2026 11:44] Nunes Marques abre inquérito sobre ministro do STJ - O Antagonista

[14/04/2026 11:30] Lula fala em retomar a BR, a Eletrobras e a Liquigás: “eu ainda sonho” - Brasil 247

[14/04/2026 11:21] Lula lidera a disputa contra Flávio Bolsonaro no 1º e 2º turnos, mostra pesquisa - CartaCapital

[CVE-2025-55893] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Injection in setOpModeCfg via hostName.

[CVE-2025-55901] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter.

[CVE-2025-65742] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.2:HIGH] An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.

[CVE-2025-66434] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.8:HIGH] An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom SandboxedEnvironment, several dangerous globals such as frappe.db.sql are still available in the execution context via get_safe_globals(). An authenticated attacker with access to configure Dunning Type and its child table Dunning Letter Text can inject arbitrary Jinja expressions, resulting in server-side code execution within a restricted but still unsafe context. This can leak database information.

[CVE-2025-66435] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (contract_terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom SandboxedEnvironment, several dangerous globals such as frappe.db.sql are still available in the execution context via get_safe_globals(). An authenticated attacker with access to create or modify a Contract Template can inject arbitrary Jinja expressions into the contract_terms field, resulting in server-side code execution within a restricted but still unsafe context. This vulnerability can be used to leak database information.

[CVE-2025-14038] [Modified: 18-02-2026] [Analyzed] [V3.1 S7.0:HIGH] EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been remediated in EDB Hybrid Manager 1.3.3, and customers should consider upgrading to 1.3.3 as soon as possible. The flaw is due to a misconfiguration in the Istio Gateway, which manages authentication and authorization for the affected endpoints. The security policy relies on an explicit definition of required permissions in the Istio Gateway configuration, and the affected endpoints were not defined in the configuration. This allowed requests to bypass both authentication and authorization within a Hybrid Manager service. All versions of Hybrid Manager - LTS should be upgraded to 1.3.3, and all versions of Hybrid Manager - Innovation should be upgraded to 2025.12.

[CVE-2025-66436] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom SandboxedEnvironment, several dangerous globals such as frappe.db.sql are still available in the execution context via get_safe_globals(). An authenticated attacker with access to create or modify a Terms and Conditions document can inject arbitrary Jinja expressions into the terms field, resulting in server-side code execution within a restricted but still unsafe context. This vulnerability can be used to leak database information.

[CVE-2025-66437] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.8:HIGH] An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template() with a context derived from the address_dict parameter, which can be either a dictionary or a string referencing an Address document. Although ERPNext uses a custom Jinja2 SandboxedEnvironment, dangerous functions like frappe.db.sql remain accessible via get_safe_globals(). An authenticated attacker with permission to create or modify an Address Template can inject arbitrary Jinja expressions into the template field. By creating an Address document with a matching country, and then calling the get_address_display API with address_dict="address_name", the system will render the malicious template using attacker-controlled data. This leads to server-side code execution or database information disclosure.

[CVE-2025-66438] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style() triggers the rendering of the html field inside a Print Format document using frappe.render_template(template, doc) via the get_rendered_template() call chain. Although ERPNext wraps Jinja2 in a SandboxedEnvironment, it exposes sensitive functions such as frappe.db.sql through get_safe_globals(). An authenticated attacker with permission to create or modify a Print Format can inject arbitrary Jinja expressions into the html field. Once the malicious Print Format is saved, the attacker can call get_html_and_style() with a target document (e.g., Supplier or Sales Invoice) to trigger the render process. This leads to information disclosure from the database, such as database version, schema details, or sensitive values, depending on the injected payload. Exploitation flow: Create a Print Format with SSTI payload in the html field; call the get_html_and_style() API; triggers frappe.render_template(template, doc) inside get_rendered_template(); leaks database information via frappe.db.sql or other exposed globals.

[CVE-2025-66439] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.8:HIGH] An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext.accounts.doctype.payment_entry.payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the from_posting_date parameter, which is directly interpolated into the query without proper sanitization or parameter binding.

[CVE-2025-66440] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.8:HIGH] An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the to_posting_date parameter, which is directly interpolated into the query without proper sanitization or parameter binding.

[CVE-2023-36337] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected cross-site scripting (XSS) vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

[CVE-2025-51962] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of add_project_comment function.

[CVE-2025-65176] [Modified: 07-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUS_LOGON_FAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the network share while impersonating them. The exploitation of this vulnerability can allow an unprivileged attacker with access to the affected system to perform NTLM relay attacks.

[CVE-2025-65213] [Modified: 07-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without validation, allowing arbitrary code execution. An attacker can craft a malicious pickle file that executes arbitrary Python code when loaded, enabling remote code execution with the privileges of the victim process.

[CVE-2025-65835] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.2:MEDIUM] The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive implementation accesses Intent.EXTRA_CHOSEN_COMPONENT without checking for null. If a broadcast is sent with extras present but without EXTRA_CHOSEN_COMPONENT, the code dereferences a null value and throws a NullPointerException. Because the receiver is exported and performs no permission or caller validation, any local application on the device can send crafted ACTION_SEND broadcasts to this component and repeatedly crash the host application, resulting in a local, unauthenticated application-level denial of service for any app that includes the plugin.

[CVE-2025-14148] [Modified: 18-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.

[CVE-2025-14503] [Modified: 30-01-2026] [Analyzed] [V3.1 S7.2:HIGH] An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.

[CVE-2025-36360] [Modified: 18-12-2025] [Analyzed] [V3.1 S5.0:MEDIUM] IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.

[CVE-2025-55703] [Modified: 30-12-2025] [Analyzed] [V3.1 S2.5:LOW] An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, where the API call code was updated to ensure safe handling of input values.