Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release. If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-8558] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.

[CVE-2025-12531] [Modified: 05-11-2025] [Analyzed] [V3.1 S7.1:HIGH] IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

[CVE-2025-12642] [Modified: 12-11-2025] [Analyzed] [V3.1 S9.1:CRITICAL] lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to:
* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions

This issue affects lighttpd 1.4.80.

[CVE-2025-50735] [Modified: 05-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Directory traversal vulnerability in NextChat through 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.

[CVE-2025-63593] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS).

[CVE-2025-12657] [Modified: 12-12-2025] [Analyzed] [V3.1 S5.0:MEDIUM] The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

[CVE-2025-63293] [Modified: 14-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.

[CVE-2021-47698] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

[CVE-2024-13997] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.2:HIGH] Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.

[CVE-2024-13998] [Modified: 06-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions.

[CVE-2025-36172] [Modified: 05-11-2025] [Analyzed] [V3.1 S6.4:MEDIUM] IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-35021] [Modified: 13-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can log in to a restricted shell on the fourth attempt, and from there, relay connections.

[CVE-2025-46556] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2.

[CVE-2025-43288] [Modified: 04-11-2025] [Analyzed] [V3.1 S5.5:MEDIUM] This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7. An app may be able to bypass Privacy preferences.

[CVE-2025-43309] [Modified: 04-11-2025] [Analyzed] [V3.1 S2.4:LOW] A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

[CVE-2025-43323] [Modified: 04-11-2025] [Analyzed] [V3.1 S8.1:HIGH] This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user.

[CVE-2025-43345] [Modified: 04-11-2025] [Analyzed] [V3.1 S5.5:MEDIUM] A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.

[CVE-2025-43361] [Modified: 04-11-2025] [Analyzed] [V3.1 S7.8:HIGH] An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26. A malicious app may be able to read kernel memory.

[CVE-2025-43364] [Modified: 04-11-2025] [Analyzed] [V3.1 S7.8:HIGH] A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.

[CVE-2025-43419] [Modified: 05-11-2025] [Analyzed] [V3.1 S8.8:HIGH] The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.