[09/04/2026 10:02] Espaço aéreo de SP é fechado após falha elétrica em controle de tráfego - CNN Brasil

[09/04/2026 06:25] Trump expõe condições e ministro iraniano acusa violações a cessar-fogo firmado com os EUA; o que acontece no conflito - BBC

[09/04/2026 11:15] Governo vai liberar R$ 7 bi do FGTS a 10 milhões de trabalhadores, diz ministro do Trabalho - O Globo

[09/04/2026 06:45] Irã desafia Trump e volta a dizer que continuará enriquecendo urânio - UOL Notícias

[09/04/2026 08:28] Câmera gravou reações de PMs após tiro em mulher, mostra TV: 'Você atirou?' - UOL Notícias

[09/04/2026 00:05] Master pagou R$ 80 milhões à mulher de Moraes, diz Fisco - Poder360

[09/04/2026 03:00] Chefe do tráfico em favela onde foram apreendidas 48 toneladas de maconha, Motoboy tem mais de 300 anotações criminais - Extra online

[09/04/2026 05:48] Professores da rede estadual de SP fazem paralisação nesta quinta e sexta; veja o que está pauta - São Carlos Agora

[09/04/2026 07:22] MG: trabalhador morre por descarga elétrica em poste - Estado de Minas

[09/04/2026 10:48] Casal sai para fumar e sente o cheiro da morte em MG - Estado de Minas

[CVE-2025-13184] [Modified: 19-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected.

[CVE-2025-8110] [Modified: 20-01-2026] [Analyzed] [V3.1 S8.8:HIGH] Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

[CVE-2025-34392] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.

[CVE-2025-34393] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

[CVE-2025-34394] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

[CVE-2025-34395] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.

[CVE-2025-34410] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.1:HIGH] 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-change request; when a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the victim’s 1Panel username without consent. After the change, the victim is logged out and unable to log in with the previous username, resulting in account lockout and denial of service.

[CVE-2025-34416] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34417] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34418] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIMF.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34419] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISM.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34420] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAM.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34421] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34422] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34423] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34424] [Modified: 17-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-65803] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.

[CVE-2025-65807] [Modified: 17-12-2025] [Analyzed] [V3.1 S8.4:HIGH] An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.

[CVE-2025-52493] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.

[CVE-2025-65792] [Modified: 17-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.