[21/04/2026 19:05] Trump estende cessar-fogo com Irã, mas mantém tropas em Ormuz - Poder360

[21/04/2026 17:10] Ramagem: Lula ameaça adotar 'reciprocidade' após EUA pedirem saída de delegado da PF envolvido em caso do ex-deputado - BBC

[21/04/2026 23:24] PL do fim da escala 6 X 1 dá duas folgas e prioriza fins de semana - Poder360

[21/04/2026 16:11] Oposição articula novo pedido de impeachment de Gilmar Mendes após pedido para incluir Zema no inquérito das fake news - O Globo

[21/04/2026 22:14] Ataque no México: duas brasileiras estão entre feridos nas pirâmides - CNN Brasil

[21/04/2026 06:45] Imprensa trata Flávio Bolsonaro como se ele não representasse risco à democracia - ICL Notícias

[22/04/2026 00:38] Família que morreu em acidente com carreta a caminho de SC na BR-251 estava de mudança - NSC Total

[21/04/2026 15:25] Lula diz que Parlamento Europeu errou ao contestar o Mercosul-UE - Poder360

[21/04/2026 19:46] Choquei rompe silêncio após prisão de dono por envolvimento em esquema bilionário - Rádio Itatiaia

[21/04/2026 17:55] Presidente da CCJ desiste de antecipar sabatina de Messias - Metrópoles

[CVE-2025-59886] [Modified: 18-02-2026] [Analyzed] [V3.1 S8.8:HIGH] Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.

[CVE-2025-66845] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.

[CVE-2025-68340] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of team_port_add Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device header_ops. In the case of the syzbot reproducer the gre0 device is already in state UP when it attempts to add it as a port device of team0, this fails but before that header_ops->create of team0 is changed from eth_header to ipgre_header in the call to team_dev_type_check_change. Later when we end up in ipgre_header() struct ip_tunnel* points to nonsense as the private data of the device still holds a struct team. Example sequence of iproute2 commands to reproduce the hang/BUG(): ip link add dev team0 type team ip link add dev gre0 type gre ip link set dev gre0 up ip link set dev gre0 master team0 ip link set dev team0 up ping -I team0 1.1.1.1 Move team_dev_type_check_change down where all other checks have passed as it changes the dev type with no way to restore it in case one of the checks that follow it fail. Also make sure to preserve the origial mtu assignment: - If port_dev is not the same type as dev, dev takes mtu from port_dev - If port_dev is the same type as dev, port_dev takes mtu from dev This is done by adding a conditional before the call to dev_set_mtu to prevent it from assigning port_dev->mtu = dev->mtu and instead letting team_dev_type_check_change assign dev->mtu = port_dev->mtu. The conditional is needed because the patch moves the call to team_dev_type_check_change past dev_set_mtu. Testing: - team device driver in-tree selftests - Add/remove various devices as slaves of team device - syzbot

[CVE-2025-45493] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.

[CVE-2025-50526] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.

[CVE-2025-65865] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.

[CVE-2025-67108] [Modified: 02-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.

[CVE-2025-67109] [Modified: 06-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.

[CVE-2025-67111] [Modified: 06-01-2026] [Analyzed] [V3.1 S7.5:HIGH] An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.

[CVE-2024-57521] [Modified: 06-01-2026] [Analyzed] [V3.1 S10.0:CRITICAL] SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

[CVE-2025-29228] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.

[CVE-2025-29229] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

[CVE-2025-33222] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

[CVE-2025-33223] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

[CVE-2025-33224] [Modified: 15-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

[CVE-2025-65410] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.2:MEDIUM] A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.

[CVE-2025-65713] [Modified: 06-01-2026] [Analyzed] [V3.1 S4.0:MEDIUM] Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.

[CVE-2025-51511] [Modified: 06-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.

[CVE-2025-25364] [Modified: 06-01-2026] [Analyzed] [V3.1 S8.4:HIGH] A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.

[CVE-2021-47716] [Modified: 31-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browsers by submitting crafted payloads through application endpoints.