
[CVE-2025-7970] [Modified: 17-09-2025] [Analyzed] [V3.1 S7.5:HIGH] A security issue exists within FactoryTalk Activation Manager. An error in the implementation of cryptography within the software could allow attackers to decrypt traffic. This could result in data exposure, session hijacking, or full communication compromise.

[CVE-2025-8007] [Modified: 17-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability.

[CVE-2025-8008] [Modified: 17-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A security issue exists in the protected mode of EN4TR devices, where sending specifically crafted messages during a Forward Close operation can cause the device to crash.

[CVE-2025-9065] [Modified: 20-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.

[CVE-2025-9161] [Modified: 20-10-2025] [Analyzed] [V3.1 S8.8:HIGH] A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution.

[CVE-2025-9166] [Modified: 20-10-2025] [Analyzed] [V3.1 S7.5:HIGH] A denial-of-service security issue exists in the affected product and version. The security issue stems from the controller repeatedly attempting to forward messages. The issue could result in a major nonrecoverable fault on the controller.

[CVE-2025-9364] [Modified: 10-09-2025] [Analyzed] [V3.1 S8.8:HIGH] An open database issue exists in the affected product and version. The security issue stems from an overly permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.

[CVE-2024-45325] [Modified: 10-09-2025] [Analyzed] [V3.1 S6.7:MEDIUM] An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

[CVE-2025-33045] [Modified: 02-10-2025] [Analyzed] [V3.1 S8.2:HIGH] APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information disclosure, arbitrary data writing, and impact Confidentiality, Integrity, and Availability.

[CVE-2025-53609] [Modified: 10-09-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

[CVE-2025-54236] [Modified: 07-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.

[CVE-2025-43776] [Modified: 16-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A stored cross-site scripting vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript through a Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping.

[CVE-2025-52277] [Modified: 17-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross-site scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field.

[CVE-2025-52322] [Modified: 17-10-2025] [Analyzed] [V3.1 S7.5:HIGH] An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field.

[CVE-2025-55139] [Modified: 24-09-2025] [Analyzed] [V3.1 S6.8:MEDIUM] SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to enumerate internal services.

[CVE-2025-55141] [Modified: 24-09-2025] [Analyzed] [V3.1 S8.8:HIGH] Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.

[CVE-2025-55142] [Modified: 24-09-2025] [Analyzed] [V3.1 S8.8:HIGH] Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure authentication related settings.

[CVE-2025-55143] [Modified: 24-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to inject arbitrary text into a crafted HTTP response. User interaction is required.

[CVE-2025-55144] [Modified: 24-09-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.

[CVE-2025-55145] [Modified: 24-09-2025] [Analyzed] [V3.1 S8.9:HIGH] Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections.