[21/04/2026 23:24] PL do fim da escala 6 X 1 dá duas folgas e prioriza fins de semana - Poder360

[21/04/2026 17:24] Trump estende cessar-fogo no Irã e Estreito de Ormuz permanece fechado - Correio Braziliense

[21/04/2026 17:10] Ramagem: Lula ameaça adotar 'reciprocidade' após EUA pedirem saída de delegado da PF envolvido em caso do ex-deputado - BBC

[21/04/2026 19:33] STF tem 3 a 0 para condenar Eduardo Bolsonaro a indenizar Tabata - Poder360

[22/04/2026 05:13] Ataque nas pirâmides do México: duas brasileiras, uma adolescente e uma idosa, estão entre baleados - BBC

[22/04/2026 00:38] Família que morreu em acidente com carreta a caminho de SC na BR-251 estava de mudança - NSC Total

[22/04/2026 03:55] Irmãos são mortos a tiros em bar durante o feriado em Belo Horizonte - R7

[22/04/2026 00:01] Zema é o segundo concorrente de Lula em outubro a virar alvo de Moraes - Diário do Poder

[22/04/2026 03:24] Jair Bolsonaro pede autorização urgente ao STF para cirurgia no ombro - NSC Total

[21/04/2026 17:55] Presidente da CCJ desiste de antecipar sabatina de Messias - Metrópoles

[CVE-2025-59886] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.8:HIGH] Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.

[CVE-2025-66845] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.

[CVE-2025-68340] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the syzbot reproducer the gre0 device is already in state UP when it attempts to add it as a port device of team0, this fails but before that header_ops->create of team0 is changed from eth_header to ipgre_header in the call to team_dev_type_check_change. Later when we end up in ipgre_header() struct ip_tunnel* points to nonsense as the private data of the device still holds a struct team. Example sequence of iproute2 commands to reproduce the hang/BUG(): ip link add dev team0 type team ip link add dev gre0 type gre ip link set dev gre0 up ip link set dev gre0 master team0 ip link set dev team0 up ping -I team0 1.1.1.1 Move team_dev_type_check_change down where all other checks have passed as it changes the dev type with no way to restore it in case one of the checks that follow it fail. Also make sure to preserve the origial mtu assignment: - If port_dev is not the same type as dev, dev takes mtu from port_dev - If port_dev is the same type as dev, port_dev takes mtu from dev This is done by adding a conditional before the call to dev_set_mtu to prevent it from assigning port_dev->mtu = dev->mtu and instead letting team_dev_type_check_change assign dev->mtu = port_dev->mtu. The conditional is needed because the patch moves the call to team_dev_type_check_change past dev_set_mtu. Testing: - team device driver in-tree selftests - Add/remove various devices as slaves of team device - syzbot

[CVE-2025-45493] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

[CVE-2025-50526] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

[CVE-2025-65865] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

[CVE-2025-67108] [Modified: 02-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

[CVE-2025-67109] [Modified: 06-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

[CVE-2025-67111] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.

[CVE-2024-57521] [Modified: 06-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

[CVE-2025-29228] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.

[CVE-2025-29229] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

[CVE-2025-33222] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

[CVE-2025-33223] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

[CVE-2025-33224] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

[CVE-2025-65410] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.2:MEDIUM] A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.

[CVE-2025-65713] [Modified: 06-01-2026] [Analyzed] [V3.1 S4.0:MEDIUM] Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.

[CVE-2025-51511] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.

[CVE-2025-25364] [Modified: 06-01-2026] [Analyzed] [V3.1 S8.4:HIGH] A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.

[CVE-2021-47716] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browsers by submitting crafted payloads through application endpoints.