Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we'll do our best to help you.

[CVE-2025-12295] [Modified: 03-11-2025] [Analyzed] [V3.1 S6.6:MEDIUM] A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

[CVE-2025-12296] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

[CVE-2025-12297] [Modified: 05-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.

[CVE-2025-12298] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

[CVE-2025-12299] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

[CVE-2025-27222] [Modified: 03-11-2025] [Analyzed] [V3.1 S8.6:HIGH] TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself.

[CVE-2025-27223] [Modified: 31-10-2025] [Analyzed] [V3.1 S7.5:HIGH] TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to sensitive internal information.
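The cookie weakness in CVE-2025-27223 is worth seeing end to end: once the key that protects the cookie is the same in every shipped copy of a product, "encrypted" buys nothing, because anyone who extracts that key from their own installation can mint a cookie for any user on anyone else's. The following is an added example written for this page, not TRUfusion code; HMAC-SHA256 stands in for whatever scheme the product uses (the flaw being shown is the key, not the primitive), and the key value, claim names and the `/view`-style helper names are constructed.

```python
"""Added example (not TRUfusion code): a cookie protected with a key that ships
inside the product is forgeable by anyone; a per-deployment key is not."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for a key baked into every shipped copy of a product.
SHIPPED_STATIC_KEY = b"same-key-in-every-installation"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(key: bytes, user: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Cookie = b64(payload).b64(tag) with tag = HMAC-SHA256(key, payload)."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"u": user, "exp": now + ttl}, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_cookie(key: bytes, cookie: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user name if the tag verifies under key and the cookie has not
    expired; None for anything malformed, tampered or stale."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        claims = json.loads(payload)
        if int(claims["exp"]) <= now:
            return None
        return str(claims["u"])
    except (ValueError, KeyError, TypeError):
        return None


def forge_as(user: str, now: Optional[int] = None) -> str:
    """The attacker's move: the shipped key came out of their own copy of the
    product, so they can mint a cookie for any user against any other install."""
    return mint_cookie(SHIPPED_STATIC_KEY, user, now=now)


def demo(now: int = 1_700_000_000) -> dict:
    forged = forge_as("admin", now=now)
    # Vulnerable deployment: the server verifies with the very same shipped key.
    static_accepts = verify_cookie(SHIPPED_STATIC_KEY, forged, now=now)
    # Fixed deployment: a random key generated at install time, never shipped.
    deploy_key = secrets.token_bytes(32)
    deploy_accepts_forgery = verify_cookie(deploy_key, forged, now=now)
    legit = verify_cookie(deploy_key, mint_cookie(deploy_key, "alice", now=now), now=now)
    # Tampering with a legitimate payload under the fixed key also fails.
    p, t = mint_cookie(deploy_key, "alice", now=now).split(".")
    tampered = _b64(_unb64(p).replace(b'"alice"', b'"admin"')) + "." + t
    short = mint_cookie(deploy_key, "alice", ttl=10, now=now)
    return {
        "static_key_accepts_forgery": static_accepts,
        "deploy_key_accepts_forgery": deploy_accepts_forgery,
        "deploy_key_accepts_legit": legit,
        "deploy_key_accepts_tampered": verify_cookie(deploy_key, tampered, now=now),
        "deploy_key_accepts_expired": verify_cookie(deploy_key, short, now=now + 11),
    }


if __name__ == "__main__":
    print(demo())
```

Run `demo()`: the forged "admin" cookie is accepted when the server uses the shipped key and rejected once the key is generated per deployment, while a legitimate cookie minted under that deployment key still verifies and tampered or expired ones do not. Rotating to a per-deployment key also invalidates every cookie minted under the old one, which is the desired effect here.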

[CVE-2025-27224] [Modified: 31-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file type at any location on the local server, ultimately allowing execution of arbitrary code.
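CVE-2025-27222 (read any file via a download endpoint) and CVE-2025-27224 (write any file via an upload endpoint) are the two faces of the same missing check: the server never confirmed that the client-supplied path, after decoding, still resolves inside the directory it is meant to serve. The following is an added example written for this page, not TRUfusion code, showing the containment logic a practitioner would put in front of both endpoints; the base directory, the extension allowlist and the helper names are constructed.

```python
"""Added example (not TRUfusion code): containment checks for file download
and upload endpoints that accept a client-supplied path or filename."""
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed settings: the one directory clients may reach, and the upload
# extensions this deployment chooses to accept (both are assumptions).
BASE_DIR = "/srv/app/files"
ALLOWED_UPLOAD_EXT = {".pdf", ".png", ".jpg", ".txt"}


def _decode_once(value: str) -> Optional[str]:
    """Percent-decode exactly once. Anything still encoded afterwards is a
    double-encoding attempt (e.g. %252e%252e) and is refused, not decoded again.
    NUL is refused outright; backslashes are treated as separators so
    Windows-style traversal is caught as well."""
    decoded = unquote(value)
    if "%" in decoded or "\x00" in decoded:
        return None
    return decoded.replace("\\", "/")


def resolve_under_base(base: str, client_path: str) -> Optional[str]:
    """Download side: absolute path for client_path, or None if it would leave
    base. Decoding happens before any path arithmetic, so ..%2F..%2F cannot
    slip past the check. The containment test is lexical (posixpath.normpath)
    so it runs without touching the disk; on a live host follow it with
    os.path.realpath on both sides to also defeat symlinks."""
    decoded = _decode_once(client_path)
    if decoded is None or decoded.startswith("/"):
        return None
    base_norm = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base_norm, decoded))
    if joined != base_norm and not joined.startswith(base_norm + "/"):
        return None
    return joined


def safe_upload_target(base: str, client_filename: str) -> Optional[str]:
    """Upload side: the client gets to choose a bare filename only. Directory
    components are discarded, the extension must be on the allowlist, and the
    file always lands directly under base."""
    decoded = _decode_once(client_filename)
    if decoded is None:
        return None
    name = posixpath.basename(decoded)
    root, ext = posixpath.splitext(name)
    if not root or root in {".", ".."} or ext.lower() not in ALLOWED_UPLOAD_EXT:
        return None
    return posixpath.join(posixpath.normpath(base), name)


if __name__ == "__main__":
    for p in ("reports/q1.pdf", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd"):
        print(f"download {p!r:30} -> {resolve_under_base(BASE_DIR, p)}")
    for f in ("report.pdf", "../../webapps/ROOT/shell.jsp", "shell.php%00.png"):
        print(f"upload   {f!r:30} -> {safe_upload_target(BASE_DIR, f)}")
```

The two sides differ deliberately: a download endpoint may legitimately need sub-directories, so it gets a containment check on the whole path, while an upload endpoint almost never needs the client to pick a directory, so it is reduced to a basename plus an extension allowlist, which also removes the "any file type at any location" half of the upload finding.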

[CVE-2025-27225] [Modified: 31-10-2025] [Analyzed] [V3.1 S7.5:HIGH] TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.

[CVE-2025-54967] [Modified: 31-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XML-based files. An attacker who is able to social engineer a SOCET GXP user into opening a malicious file can trigger a variety of outbound requests, potentially compromising sensitive information in the process.

[CVE-2025-54968] [Modified: 31-10-2025] [Analyzed] [V3.1 S8.8:HIGH] An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users.

[CVE-2025-54969] [Modified: 31-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service without the user's knowledge.

[CVE-2025-54970] [Modified: 31-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner.

[CVE-2025-12300] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-12301] [Modified: 03-11-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-12302] [Modified: 03-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

[CVE-2025-12363] [Modified: 10-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Email Password Disclosure. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-12364] [Modified: 10-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Weak Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-54965] [Modified: 03-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary JavaScript in the victim's browser.

[CVE-2025-55752] [Modified: 14-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
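The Tomcat entry turns on an ordering detail that is easy to get wrong in any URL pipeline: normalization (collapsing `.` and `..`) only sees literal dots, so if it runs before percent-decoding, a `%2e%2e` segment survives it and only becomes `..` afterwards, at which point the prefix check for /WEB-INF/ has already looked at a path that never started with /WEB-INF/. The following is an added example written for this page; it is a simplified model, not Apache Tomcat's code. The rewrite rule (`/view?file=X` becoming `/docs/X`, copying the parameter still encoded) and the `docs` path are constructed to match the advisory's "rewrite query parameters to the URL" scenario.

```python
"""Added example (a model, not Apache Tomcat's code): why normalizing a
rewritten URL before percent-decoding it lets an encoded traversal slip past
a prefix-based security constraint, and how decode-then-normalize closes it."""
import posixpath
from typing import Tuple
from urllib.parse import unquote, urlsplit

PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def rewrite(request_target: str) -> str:
    """Hypothetical rewrite rule: the 'file' query parameter becomes part of
    the path, e.g. /view?file=a.txt -> /docs/a.txt. The raw (still
    percent-encoded) value is copied, as a rewrite engine would do."""
    parts = urlsplit(request_target)
    if parts.path == "/view":
        for pair in parts.query.split("&"):
            key, _, value = pair.partition("=")
            if key == "file":
                return "/docs/" + value
    return parts.path


def normalize(path: str) -> str:
    """Lexical normalization only ('.', '..', '//'); %2e is not a dot to it."""
    return posixpath.normpath(path)


def is_protected(path: str) -> bool:
    return any(path.startswith(prefix) for prefix in PROTECTED_PREFIXES)


def map_normalize_then_decode(uri: str) -> Tuple[str, bool]:
    """The regressed order: normalize first, decode second, then check."""
    path = unquote(normalize(uri))
    return path, is_protected(path)


def map_decode_then_normalize(uri: str) -> Tuple[str, bool]:
    """The fixed order: decode first, then normalize, then check."""
    path = normalize(unquote(uri))
    return path, is_protected(path)


def resource_opened(mapped_path: str) -> str:
    """What the resource layer actually opens for the mapped string: it resolves
    any literal '..' still present, which is exactly where the string the
    constraint checked and the file that gets served part ways."""
    return posixpath.normpath(mapped_path)


def handle(request_target: str, fixed: bool) -> str:
    """Return '403' if the constraint fires, otherwise the path that is served."""
    mapper = map_decode_then_normalize if fixed else map_normalize_then_decode
    path, protected = mapper(rewrite(request_target))
    return "403" if protected else resource_opened(path)


if __name__ == "__main__":
    attack = "/view?file=%2e%2e/WEB-INF/web.xml"
    print("regressed order:", handle(attack, fixed=False))  # serves /WEB-INF/web.xml
    print("fixed order:    ", handle(attack, fixed=True))   # 403
```

Note that a literal `../WEB-INF/web.xml` in the parameter is blocked in both orders, because normalization does see it; only the encoded form exploits the gap. That is why "normalize, then decode, then check" looks correct in casual testing and why the safe rule is to decode before every normalization step and to run the constraint check on the fully canonical path that the resource layer will actually use.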