Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release. If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-13505] [Modified: 30-01-2026] [Analyzed] [V3.1 S4.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34 before 2.14.0.6.

[CVE-2025-13876] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-59693] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

[CVE-2025-59694] [Modified: 15-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.

[CVE-2025-59695] [Modified: 15-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.

[CVE-2025-59696] [Modified: 08-12-2025] [Analyzed] [V3.1 S3.2:LOW] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.

[CVE-2025-59697] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.

[CVE-2025-59698] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

[CVE-2025-59699] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader.

[CVE-2025-59701] [Modified: 08-12-2025] [Analyzed] [V3.1 S4.1:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).

[CVE-2025-59702] [Modified: 08-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.

[CVE-2025-59705] [Modified: 08-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.

[CVE-2025-13372] [Modified: 12-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

[CVE-2025-58113] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

[CVE-2025-59703] [Modified: 08-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.

[CVE-2025-63872] [Modified: 14-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content.

[CVE-2025-64460] [Modified: 10-12-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

[CVE-2025-65187] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.

[CVE-2025-64070] [Modified: 03-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

[CVE-2025-65186] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.