Bitcoin Core version 31.0 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-67826] [Modified: 02-01-2026] [Analyzed] [V3.1 S7.7:HIGH] An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.

[CVE-2025-67443] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.

[CVE-2025-68333] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn(). For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context with IRQs not disabled. If the rq returned by container_of() is the current CPU's rq, the following scenario may occur: `lock(&rq->__lock); <Interrupt> lock(&rq->__lock);`. This commit uses IRQ_WORK_INIT_HARD() to replace init_irq_work() to initialize rq->scx.deferred_irq_work, so that the deferred_irq_workfn() is always invoked in hard-irq context.

[CVE-2025-65270] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

[CVE-2025-67289] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

[CVE-2025-68645] [Modified: 23-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

[CVE-2024-25814] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

[CVE-2024-35321] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

[CVE-2025-26787] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.7:MEDIUM] An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended, resetting the configuration to "allowany".

[CVE-2025-63662] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.

[CVE-2025-63663] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

[CVE-2025-63664] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.

[CVE-2024-25812] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.

[CVE-2024-27708] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.

[CVE-2025-65790] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.

[CVE-2025-65837] [Modified: 05-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.

[CVE-2025-67290] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.

[CVE-2025-67291] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

[CVE-2025-67418] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.

[CVE-2025-65817] [Modified: 06-01-2026] [Analyzed] [V3.1 S8.8:HIGH] LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.