[10/04/2026 03:55] Caso da eleição no Rio de Janeiro expõe racha no STF - Correio Braziliense

[10/04/2026 08:53] Governo firma acordo com agência dos EUA para combate ao tráfico de armas e drogas - G1

[10/04/2026 09:26] Exército prende militares por ordem de Moraes - Revista Oeste

[09/04/2026 19:24] Quem é o senador que vai relatar o processo de sabatina de Messias - Revista Oeste

[09/04/2026 22:42] Trump diz que Irã não pode cobrar taxa de navegação em Ormuz - Poder360

[10/04/2026 11:03] Três suspeitos são presos por explosão e assalto a banco em Minas - Estado de Minas

[10/04/2026 12:11] Gilmar vota por inconstitucionalidade de lei de SC que proíbe cotas raciais - UOL Notícias

[10/04/2026 08:13] Beto Louco entrega proposta de delação premiada e denuncia magistrados - Brasil 247

[10/04/2026 06:00] Troca de farpas de Nikolas Ferreira e Jorge Seif sobre dosimetria - ND Mais

[10/04/2026 07:38] O "sonho de consumo" de Flávio para vice - O Antagonista

[CVE-2025-14516] [Modified: 05-03-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14517] [Modified: 05-03-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity  of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2024-40593] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.0:MEDIUM] A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.

[CVE-2025-14265] [Modified: 16-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.

[CVE-2025-14519] [Modified: 06-01-2026] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14520] [Modified: 09-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14521] [Modified: 09-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14522] [Modified: 09-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-55307] [Modified: 06-01-2026] [Analyzed] [V3.1 S3.3:LOW] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.

[CVE-2025-55308] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory corruption, potentially resulting in information disclosure when the PDF is opened.

[CVE-2025-55309] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.

[CVE-2025-55310] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.3:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.

[CVE-2025-55312] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

[CVE-2025-55313] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file.

[CVE-2025-55314] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

[CVE-2025-59802] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

[CVE-2025-59803] [Modified: 15-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

[CVE-2025-67739] [Modified: 23-12-2025] [Analyzed] [V3.1 S3.1:LOW] In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

[CVE-2025-67740] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.7:LOW] In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

[CVE-2025-67741] [Modified: 15-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute