[05/05/2026 05:36] Avião cai em Belo Horizonte e colide contra prédio; três pessoas morreram - BBC

[04/05/2026 16:10] Alerta do Irã a porta-aviões dos EUA veio de perfil falso, diz agência - CNN Brasil

[05/05/2026 03:30] PT discute ‘plano B’ em Minas após derrota de Messias e sinais de recuo de Rodrigo Pacheco - O Globo

[04/05/2026 16:28] Lula se reúne com Trump na 5ª feira - Poder360

[04/05/2026 20:50] Governo não pode disputar eleições com ‘inimigo dentro de casa’, diz Gleisi - CartaCapital

[04/05/2026 14:59] As duas pesquisas desta semana sobre a disputa pela Presidência - CartaCapital

[04/05/2026 21:49] Estupro coletivo de crianças em SP: por que vídeo do crime deixou delegada em choque - NSC Total

[04/05/2026 19:01] Presidente do TST explica comentário sobre 'juízes vermelhos e azuis' - Correio Braziliense

[04/05/2026 20:59] Entidade pede a inelegibilidade de Flávio Bolsonaro após culto com Malafaia - CartaCapital

[04/05/2026 18:58] Moraes rejeita mudar dosimetria da pena de Débora do Batom - Poder360

[CVE-2025-15235] [Modified: 20-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.

[CVE-2025-15236] [Modified: 20-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.

[CVE-2025-15237] [Modified: 20-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.

[CVE-2025-15238] [Modified: 20-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

[CVE-2026-0580] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.

[CVE-2025-15239] [Modified: 20-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

[CVE-2025-15240] [Modified: 20-01-2026] [Analyzed] [V3.1 S8.8:HIGH] QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

[CVE-2025-66518] [Modified: 27-01-2026] [Analyzed] [V3.1 S8.8:HIGH] Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or upper, which fixes the issue.

[CVE-2026-0581] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2026-0582] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

[CVE-2025-5965] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.2:HIGH] In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

[CVE-2026-0583] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

[CVE-2026-0584] [Modified: 29-04-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

[CVE-2026-0585] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-12519] [Modified: 26-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

[CVE-2025-13056] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.

[CVE-2026-0586] [Modified: 29-04-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

[CVE-2026-0587] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-0588] [Modified: 29-04-2026] [Analyzed] [V3.1 S3.5:LOW] A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-0589] [Modified: 29-04-2026] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used.