[08/04/2026 06:22] O que se sabe sobre o cessar-fogo de duas semanas entre EUA e Irã - bbc.com

[08/04/2026 04:50] Folha acusa esposa de Alexandre de Moraes de ter recebido R$ 40 milhões do Banco Master em 2024 - Brasil 247

[08/04/2026 08:19] As intenções de voto de Lula e Flávio Bolsonaro em Pernambuco, segundo o Real Time Big Data - CartaCapital

[08/04/2026 06:25] Trump reivindica "vitória total e completa" após cessar-fogo com Irã - CNN Brasil

[07/04/2026 17:15] Janela partidária fortalece PL, enfraquece Centrão e pressiona Lula - Gazeta do Povo

[07/04/2026 21:15] Inmet alerta para vendaval no Rio Grande do Sul - Revista Oeste

[08/04/2026 05:00] Por que Rio de Janeiro pode ter duas eleições para governador neste ano - bbc.com

[08/04/2026 07:24] João Campos alcança metade do eleitorado de PE; Raquel Lyra tem 33%, diz RealTime - R7

[08/04/2026 03:30] 'É muito constrangedor ter um irmão e não votar nele', diz Cid Gomes sobre candidatura de Ciro ao governo do Ceará - O Globo

[07/04/2026 18:39] Brumadinho: STJ mantém ação contra ex-presidente da Vale por homicídio - Migalhas

[CVE-2024-56464] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.7:LOW] IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

[CVE-2025-10573] [Modified: 11-12-2025] [Analyzed] [V3.1 S9.6:CRITICAL] Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

[CVE-2025-12381] [Modified: 17-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.  This issue affects Firewall Analyzer: A33.0, A33.10.

[CVE-2025-12558] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'get_attachment_sizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the path and meta data of private attachments, which can be used to view the attachments.

[CVE-2025-13428] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

[CVE-2025-13659] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

[CVE-2025-13661] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

[CVE-2025-13662] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.

[CVE-2025-14284] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload into these attributes, which is then triggered either by user interaction.

[CVE-2025-14286] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-14307] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

[CVE-2025-14308] [Modified: 05-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

[CVE-2025-14322] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.0:HIGH] Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14323] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14328] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14329] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14331] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14332] [Modified: 10-12-2025] [Analyzed] [V3.1 S7.3:HIGH] Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.

[CVE-2025-14345] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.2:MEDIUM] A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact. This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB server v8.2 versions prior to 8.2.2.

[CVE-2025-40806] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.