[06/02/2026 21:12] Por unanimidade, STF enquadra caixa 2 como improbidade administrativa - Brasil 247

[06/02/2026 00:01] MDB racha e deve liberar diretórios sobre alianças - Diário do Poder - Diário do Poder

[06/02/2026 12:52] Risco de superlotação preocupa PM para bloco da Ivete em São Paulo - Metrópoles

[06/02/2026 17:41] O incômodo com Fachin entre ministros favoráveis ao Código de Conduta - Revista Oeste

[07/02/2026 01:40] Professora morre após ser atacada a facadas por aluno em faculdade de RO - UOL Notícias

[06/02/2026 19:52] Tubulação da Cedae apresenta mais dois vazamentos e Guandu volta a operar com 50% da capacidade - Extra online

[06/02/2026 19:30] Escândalo Master chega perto de Alcolumbre - Folha de S.Paulo

[06/02/2026 18:55] EUA querem paz e eleições na Ucrânia já em março. Kiev torce o nariz enquanto a Rússia assiste - CNN Portugal

[06/02/2026 17:56] México retoma visto eletrônico para brasileiros após mais de três anos - G1

[06/02/2026 10:41] Chuvas extremas e ventos destrutivos mantêm a Península Ibérica sob alerta máximo - Climatempo

[CVE-2025-40640] [Modified: 03-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_invoice_submit.php”, using the “customerName_0” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

[CVE-2025-25017] [Modified: 30-10-2025] [Analyzed] [V3.1 S8.2:HIGH] Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)

[CVE-2025-25018] [Modified: 30-10-2025] [Analyzed] [V3.1 S8.7:HIGH] Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)

[CVE-2025-37727] [Modified: 23-12-2025] [Analyzed] [V3.1 S5.7:MEDIUM] Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

[CVE-2025-52630] [Modified: 24-10-2025] [Analyzed] [V3.1 S3.7:LOW] Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.

[CVE-2025-52632] [Modified: 24-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.

[CVE-2025-52634] [Modified: 24-10-2025] [Analyzed] [V3.1 S3.7:LOW] Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.

[CVE-2025-52650] [Modified: 24-10-2025] [Analyzed] [V3.1 S8.2:HIGH] Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

[CVE-2025-11188] [Modified: 14-11-2025] [Analyzed] [V3.1 S7.3:HIGH] The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.

[CVE-2025-11189] [Modified: 17-11-2025] [Analyzed] [V3.1 S7.3:HIGH] The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for Javascript execution.

[CVE-2025-11190] [Modified: 17-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.

[CVE-2025-52624] [Modified: 24-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.

[CVE-2025-52625] [Modified: 24-10-2025] [Analyzed] [V3.1 S3.7:LOW] A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.

[CVE-2025-52635] [Modified: 24-10-2025] [Analyzed] [V3.1 S3.7:LOW] A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.

[CVE-2025-61856] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

[CVE-2025-61857] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

[CVE-2025-61858] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

[CVE-2025-61859] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

[CVE-2025-61860] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.

[CVE-2025-61861] [Modified: 27-10-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.