[19/03/2026 14:40] Gilmar veta CPI de quebrar de sigilo de fundo ligado a hotel de Toffoli - Poder360

[19/03/2026 16:37] Onde foi parar a fortuna de Adriano da Nóbrega? MP rastreia bens e descobre compra de imóvel por parlamentar - O Globo

[19/03/2026 10:31] Dino manda Carlos Viana e Senado explicarem envio de R$ 3,6 milhões via 'emendas PIX' para fundação da Lagoinha - G1

[19/03/2026 09:58] Correspondente da RT é ferido em ataque israelense no Líbano (vídeo) - Brasil 247

[19/03/2026 09:30] Daniela Lima: Combo do Apocalipse: defesa de Vorcaro e da Reag deve propor duas delações - UOL Notícias

[19/03/2026 03:30] Caso Master e Lulinha levam PT e Centrão a atuarem para sepultar CPI do INSS - O Globo

[19/03/2026 11:32] "Fêmea obediente": as mensagens de tenente-coronel para PM morta em SP - CNN Brasil

[19/03/2026 13:49] Em evento em São Paulo, Lula confirma Dario Durigan como substituto de Haddad - G1

[19/03/2026 05:30] Master e JBS repassaram R$ 18 milhões a consultoria que pagou filho de Nunes Marques - Estadão

[19/03/2026 15:28] Globo fecha com Flávio Bolsonaro, que compartilha reportagem do Jornal Nacional sobre Lulinha nas redes - Revista Fórum

[CVE-2025-12766] [Modified: 01-12-2025] [Analyzed] [V3.1 S5.0:MEDIUM] An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).

[CVE-2025-34328] [Modified: 12-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them.

[CVE-2025-34329] [Modified: 12-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM.

[CVE-2025-34330] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and writes it into the C:\\F2MAdmin\\tmp directory using a filename derived from application constants, without any authentication, authorization, or file-type validation. A remote, unauthenticated attacker can upload or overwrite prompt- or music-on-hold–related files in this directory, potentially leading to tampering with IVR audio content or preparing files for use in further attacks.

[CVE-2025-34331] [Modified: 12-12-2025] [Analyzed] [V3.1 S7.5:HIGH] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request files stored on the appliance based solely on attacker-supplied path and filename parameters. While limited to specific file extensions permitted by the application logic, sensitive backup archives can be retrieved, exposing internal databases and credential hashes. Successful exploitation may lead to disclosure of administrative password hashes and other sensitive configuration data.

[CVE-2025-34332] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.8:HIGH] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges.

[CVE-2025-34333] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.8:HIGH] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

[CVE-2025-34334] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation.

[CVE-2025-34335] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\\SYSTEM.

[CVE-2025-64521] [Modified: 20-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and client_secret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even when the account was deactivated. Other permissions are correctly applied and federation with other providers still take assigned policies correctly into account. authentik versions 2025.8.5 and 2025.10.2 fix this issue. A workaround involves adding a policy to the application that explicitly checks if the service account is still valid, and deny access if not.

[CVE-2025-64708] [Modified: 20-11-2025] [Analyzed] [V3.1 S5.8:MEDIUM] authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5 minutes because the cleanup of expired objects is scheduled to run every 5 minutes. However, with a large amount of tasks in the backlog, this might take longer. authentik versions 2025.8.5 and 2025.10.2 fix this issue. A workaround involves creating a policy that explicitly checks whether the invitation is still valid, and then bind it to the invitation stage on the invitation flow, and denying access if the invitation is not valid.

[CVE-2025-64757] [Modified: 20-11-2025] [Analyzed] [V3.1 S3.5:LOW] Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3.

[CVE-2025-64764] [Modified: 20-11-2025] [Analyzed] [V3.1 S7.1:HIGH] Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.

[CVE-2025-64765] [Modified: 25-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI). This discrepancy may allow attackers to reach protected routes using encoded path variants that pass routing but bypass validation checks. This issue has been patched in version 5.15.8.

[CVE-2025-65019] [Modified: 25-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter (@astrojs/cloudflare) with output: 'server', the image optimization endpoint (/_image) contains a critical vulnerability in the isRemoteAllowed() function that unconditionally allows data: protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections. This issue has been patched in version 5.15.9.

[CVE-2025-13315] [Modified: 02-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.

[CVE-2025-13316] [Modified: 25-11-2025] [Analyzed] [V3.1 S8.1:HIGH] Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.

[CVE-2025-63206] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.

[CVE-2025-63207] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.

[CVE-2025-63208] [Modified: 15-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint.