[13/03/2026 20:22] Após STF manter prisão, Vorcaro troca de advogado - CartaCapital

[13/03/2026 20:49] Médicos de Bolsonaro alertam para risco de morte após pneumonia mais grave que ex-presidente já teve - Estadão

[13/03/2026 23:07] Ataque dos EUA à ilha de Kharg eleva a tensão na guerra, diz veterano - CNN Brasil

[13/03/2026 16:32] Lula diz que Ozempic não deve substituir caminhadas: 'Tirar bunda da cadeira' - Correio Braziliense

[13/03/2026 19:53] Crusoé: Pimenta fica em Brasília para acessar dados de Vorcaro em sala-cofre - O Antagonista

[13/03/2026 18:54] Análise: Bravata de Lula com assessor de Trump foi calculada - Valor Econômico

[13/03/2026 16:40] Apoio de Trump a Flávio faria 32% inclinarem voto a Lula, aponta Quaest - Estado de Minas

[13/03/2026 21:27] Mensagens mostram que deputado pediu a ministro liberação de aeronaves ligadas a Wesley Safadão, diz revista - Bnews

[13/03/2026 20:26] Jornalista alvo da PF diz que Flávio Dino mente: “Acusações patéticas” - Metrópoles

[13/03/2026 14:06] Brasileira que sumiu na Inglaterra usou barco e ficou à deriva, diz polícia - UOL Notícias

[CVE-2024-11919] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

[CVE-2024-11920] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

[CVE-2024-13178] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2024-13983] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

[CVE-2024-7017] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

[CVE-2024-7021] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2024-9126] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)

[CVE-2025-13097] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-13102] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

[CVE-2025-13107] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

[CVE-2025-9479] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11776] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint

[CVE-2025-41436] [Modified: 17-11-2025] [Analyzed] [V3.1 S3.1:LOW] Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads

[CVE-2025-55070] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events

[CVE-2025-55073] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL.

[CVE-2025-11794] [Modified: 19-11-2025] [Analyzed] [V3.1 S4.9:MEDIUM] Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint

[CVE-2025-10018] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2025-11918] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

[CVE-2025-9982] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.5:HIGH] A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

[CVE-2024-21635] [Modified: 26-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. In versions up to and including 0.18.1, though, the bad actor will still have access to their account because the bad actor's Access Token stays on the list as a valid token. The user will have to manually delete the bad actor's Access Token to secure their account. The list of Access Tokens has a generic Description which makes it hard to pinpoint a bad actor in a list of Access Tokens. A known patched version of Memos isn't available. To improve Memos security, all Access Tokens will need to be revoked when a user changes their password. This removes the session for all the user's devices and prompts the user to log in again. One can treat the old Access Tokens as "invalid" because those Access Tokens were created with the older password.