[11/03/2026 19:37] Zanin é o novo relator do pedido de instalação da CPI do Master - Correio Braziliense

[12/03/2026 01:46] Irã estabelece três condições para o fim da guerra contra os EUA e Israel - UOL Notícias

[11/03/2026 18:13] Tarcísio: Trump querer rotular facções como "terroristas" é "oportunidade" - CNN Brasil

[11/03/2026 19:52] Foto de menino iraniano se despedindo da mãe antes de ser morto por míssil choca o mundo - Revista Fórum

[12/03/2026 00:01] Ascensão de Flávio Bolsonaro nas pesquisas desanima Lula e pressiona PSD - Diário do Poder - Diário do Poder

[11/03/2026 12:20] Enquanto bloqueia o tráfego no Estreito de Ormuz, Irã mantém fluxo de petróleo e exporta mais do que antes da guerra - O Globo

[11/03/2026 15:39] Erika Hilton é eleita presidente da Comissão de Direito das Mulheres após tentativa de boicote da oposição - O Globo

[11/03/2026 12:08] PF identifica 15 perfis originais que publicaram trend “caso ela diga não” - CNN Brasil

[12/03/2026 00:22] Chuva atinge todos os estados do Centro-Sul do Brasil nesta quinta: veja onde deve chover forte - MetSul Meteorologia

[11/03/2026 16:02] Quaest: Zema e Leite têm pior desempenho entre governadores - Estado de Minas

[CVE-2025-12869] [Modified: 18-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.

[CVE-2025-12870] [Modified: 18-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

[CVE-2025-12871] [Modified: 18-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

[CVE-2025-64401] [Modified: 13-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue. The LibreOffice suite reported this issue as CVE-2023-2255

[CVE-2025-64402] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to external files would load the contents of those files without prompting the user for permission to do so. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

[CVE-2025-64403] [Modified: 13-11-2025] [Analyzed] [V3.1 S8.1:HIGH] Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

[CVE-2025-64406] [Modified: 13-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

[CVE-2025-12382] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

[CVE-2025-37734] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant.

[CVE-2025-59118] [Modified: 13-11-2025] [Analyzed] [V3.1 S7.3:HIGH] Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

[CVE-2025-61623] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

[CVE-2025-40149] [Modified: 26-02-2026] [Analyzed] [V3.1 S7.8:HIGH] In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU.

[CVE-2025-40164] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary) Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49 usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331 usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708 usbnet_change_mtu+0x1be/0x220 drivers/net/usb/usbnet.c:417 __dev_set_mtu net/core/dev.c:9443 [inline] netif_set_mtu_ext+0x369/0x5c0 net/core/dev.c:9496 netif_set_mtu+0xb0/0x160 net/core/dev.c:9520 dev_set_mtu+0xae/0x170 net/core/dev_api.c:247 dev_ifsioc+0xa31/0x18d0 net/core/dev_ioctl.c:572 dev_ioctl+0x223/0x10e0 net/core/dev_ioctl.c:821 sock_do_ioctl+0x19d/0x280 net/socket.c:1204 sock_ioctl+0x42f/0x6a0 net/socket.c:1311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f For historical and portability reasons, the netif_rx() is usually run in the softirq or interrupt context, this commit therefore add local_bh_disable/enable() protection in the usbnet_resume_rx().

[CVE-2025-63666] [Modified: 17-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

[CVE-2025-11366] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] N-central < 2025.4 is vulnerable to authentication bypass via path traversal

[CVE-2025-11367] [Modified: 14-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

[CVE-2025-63289] [Modified: 05-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file

[CVE-2025-63353] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

[CVE-2025-64280] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.

[CVE-2025-64281] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.