[26/02/2026 08:30] A avaliação dos brasileiros sobre o desfile que homenageou Lula no Carnaval, segundo a pesquisa Atlas - CartaCapital

[26/02/2026 05:50] 'Para Putin, a Ucrânia é a ponte para a Europa', diz Nobel da Paz - Correio Braziliense

[26/02/2026 15:32] Laudo mostra que cão Orelha não sofreu fraturas causadas por ação humana - UOL Noticias

[26/02/2026 10:27] Brasil tem 7 hospitais entre os melhores do mundo, aponta ranking; veja quais - Estadão

[26/02/2026 13:40] Reajuste salarial e do auxílio-alimentação para servidores estaduais são aprovados na Alece - Diário do Nordeste

[26/02/2026 07:44] Polilaminina: o que falta comprovar no tratamento de lesão medular? - Correio do Povo

[26/02/2026 06:08] Chapa do PL a governo e Senado no RJ acende alerta no PT - Estado de Minas

[26/02/2026 03:34] Ataques no noroeste do Paquistão deixam quase 20 mortos - UOL Noticias

[26/02/2026 11:33] Maioria nos EUA apoia deportação de imigrantes, mas são contra táticas usadas pelo governo Trump, diz pesquisa - G1

[26/02/2026 06:34] Ex-piloto da Força Aérea dos EUA é preso por treinar militares chineses - R7

[CVE-2025-64131] [Modified: 22-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user.

[CVE-2025-64132] [Modified: 22-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.

[CVE-2025-64133] [Modified: 22-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code.

[CVE-2025-64134] [Modified: 05-11-2025] [Analyzed] [V3.1 S7.1:HIGH] Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.

[CVE-2025-64135] [Modified: 22-12-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value, disabling a protection mechanism of the Java runtime.

[CVE-2025-64140] [Modified: 22-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

[CVE-2025-63622] [Modified: 03-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection.

[CVE-2025-62785] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2.

[CVE-2025-62786] [Modified: 03-11-2025] [Analyzed] [V3.1 S8.1:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially leverage this issue to perform remote code execution, by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially achieve remote code execution on the wazuh manager (the exploitability of this vulnerability depends on the specifics of the respective heap allocator). This vulnerability is fixed in 4.10.2.

[CVE-2025-12476] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-12477] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-12478] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-12479] [Modified: 07-11-2025] [Analyzed] [V3.1 S8.8:HIGH] Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

[CVE-2025-62787] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when child_attr[p]->attributes[j] is accessed, because the corresponding index (j) is incorrect. A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. While the buffer over-read is always triggered while resolving the arguments of mdebug2, specific configuration options (analysisd.debug=2) need to be in place for the respective data to be leaked. This vulnerability is fixed in 4.10.2.

[CVE-2025-62788] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially compromise the integrity of the application (the use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere). This vulnerability is fixed in 4.11.0.

[CVE-2025-62789] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

[CVE-2025-62790] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

[CVE-2025-62791] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return the value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

[CVE-2025-62792] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0.

[CVE-2018-25120] [Modified: 28-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.