[CVE-2025-67713] [Modified: 02-02-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.

[CVE-2025-67716] [Modified: 06-03-2026] [Analyzed] [V3.1 S5.7:MEDIUM] The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0.

[CVE-2025-67717] [Modified: 02-02-2026] [Analyzed] [V3.1 S4.3:MEDIUM] ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.

[CVE-2025-12562] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.5:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits.

[CVE-2025-12716] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.7:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.

[CVE-2025-13978] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access to through API requests.

[CVE-2025-14157] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters.

[CVE-2025-11247] [Modified: 23-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.

[CVE-2025-11984] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.

[CVE-2025-4097] [Modified: 23-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images.

[CVE-2025-8405] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.7:HIGH] GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.

[CVE-2025-12029] [Modified: 23-12-2025] [Analyzed] [V3.1 S8.0:HIGH] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI.

[CVE-2025-12734] [Modified: 23-12-2025] [Analyzed] [V3.1 S3.5:LOW] GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles.

[CVE-2025-12687] [Modified: 14-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination.

[CVE-2025-14514] [Modified: 16-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. Manipulation of the argument txtDistributorAddress causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used.

[CVE-2025-44016] [Modified: 14-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context.

[CVE-2025-46266] [Modified: 14-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information.

[CVE-2025-64986] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.2:HIGH] A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior to V21. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

[CVE-2025-64987] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.2:HIGH] A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.

[CVE-2025-64988] [Modified: 14-01-2026] [Analyzed] [V3.1 S7.2:HIGH] A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior to V19.2. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote execution of elevated commands on devices connected to the platform.