[20/04/2026 23:48] Quem é Marcelo Ivo, delegado da PF expulso dos EUA - Poder360

[20/04/2026 15:26] Dino defende reforma do Judiciário com penas mais rigorosas para corrupção de juízes - O Globo

[20/04/2026 10:58] Gilmar pede a inclusão de Zema no inquérito das fake news - CartaCapital

[20/04/2026 07:53] Irã confirma que não tem planos de participar de novas negociações por paz com os EUA - Correio do Povo

[20/04/2026 08:20] O que se sabe sobre o ataque a tiros que matou oito crianças nos EUA - CNN Brasil

[20/04/2026 16:51] Desembargadora que reclamou de corte em penduricalhos tem carro de R$ 175 mil pago pelo tribunal - Metrópoles

[20/04/2026 13:02] Lula: Brasil pode se transformar na Arábia Saudita do biocombustível - CNN Brasil

[20/04/2026 16:33] "Queda do muro da Fraport é responsabilidade de quem gerencia", afirma governador Elmano - O POVO

[20/04/2026 17:30] Sóstenes critica proposta do PT para o STF e cita 'conveniência política' - Correio Braziliense

[20/04/2026 16:44] Professor brasileiro desaparecido é achado morto em Buenos Aires - Estado de Minas

[CVE-2025-11540] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.

[CVE-2025-11541] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

[CVE-2025-11542] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.

[CVE-2025-11543] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.

[CVE-2025-12049] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.

[CVE-2025-15012] [Modified: 24-12-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-12514] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.2:HIGH] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-54890] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.

[CVE-2025-8460] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-14273] [Modified: 29-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

[CVE-2025-67826] [Modified: 02-01-2026] [Analyzed] [V3.1 S7.7:HIGH] An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.

[CVE-2025-67443] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.

[CVE-2025-68333] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn() For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context and not disable-irq, if the rq returned by container_of() is current CPU's rq, the following scenarios may occur: lock(&rq->__lock); <Interrupt> lock(&rq->__lock); This commit use IRQ_WORK_INIT_HARD() to replace init_irq_work() to initialize rq->scx.deferred_irq_work, make the deferred_irq_workfn() is always invoked in hard-irq context.

[CVE-2025-65270] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

[CVE-2025-67289] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

[CVE-2025-68645] [Modified: 23-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

[CVE-2024-25814] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

[CVE-2024-35321] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

[CVE-2025-26787] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.7:MEDIUM] An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended resetting the configuration to "allowany".

[CVE-2025-63662] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.