[26/04/2026 04:54] Trump é retirado às pressas de jantar após atirador abrir fogo contra segurança; o que se sabe até agora - BBC

[25/04/2026 20:00] Zema cresce e aparece às custas de STF e rejeição de Lula e Bolsonaro - estadao.com.br

[25/04/2026 16:30] Flávio Bolsonaro pede fim de cobranças entre aliados do PL - Poder360

[25/04/2026 23:00] Mulher que ficou 8 dias desaparecida em SC é suspeita de desviar R$ 40 mil - Revista Oeste

[25/04/2026 16:29] Ginecologista é preso suspeito de estuprar 23 mulheres em Goiás - Estado de Minas

[25/04/2026 10:40] Irã entrega exigências para acordo de cessar-fogo no Oriente Médio - Jovem Pan

[25/04/2026 13:58] Sem 6 X 1, comércio “vai poder contratar folguista”, diz Boulos - Poder360

[25/04/2026 10:36] PT prepara alianças para reeleição de Lula em congresso nacional - Correio Braziliense

[24/04/2026 14:51] Por unanimidade, 2ª Turma do STF mantém a prisão de ex-presidente do BRB - CartaCapital

[25/04/2026 15:32] Se eu tivesse juízo não disputaria mais a Presidência, diz Ciro Gomes - O Antagonista

[CVE-2025-15105] [Modified: 31-12-2025] [Analyzed] [V3.1 S3.7:LOW] A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptographic key . Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is considered difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15106] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15107] [Modified: 31-12-2025] [Analyzed] [V3.1 S3.7:LOW] A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.

[CVE-2025-54322] [Modified: 09-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

[CVE-2025-14177] [Modified: 08-01-2026] [Analyzed] [V3.1 S7.5:HIGH] In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

[CVE-2025-14180] [Modified: 09-01-2026] [Analyzed] [V3.1 S7.5:HIGH] In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

[CVE-2025-68972] [Modified: 09-01-2026] [Analyzed] [V3.1 S5.9:MEDIUM] In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

[CVE-2025-15118] [Modified: 07-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

[CVE-2025-15119] [Modified: 07-01-2026] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15120] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15121] [Modified: 30-12-2025] [Analyzed] [V3.1 S2.4:LOW] A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15122] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15123] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15124] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15125] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15126] [Modified: 30-12-2025] [Analyzed] [V3.1 S3.1:LOW] A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15127] [Modified: 08-03-2026] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-15131] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.

[CVE-2025-15132] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

[CVE-2025-15133] [Modified: 07-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.