[12/02/2026 12:12] Após morte em piscina, sócios atribuem erro a manobrista de academia em SP - CNN Brasil

[12/02/2026 00:19] ‘Toffolão’ é um escândalo, diz senador, sobre apuração da PF - Revista Oeste

[12/02/2026 13:14] Justiça suspende regras de escolas cívico-militares de Tarcísio e proíbe que PMs deem aulas em SP - G1

[12/02/2026 11:19] Com vocês, o Supremo que condenou Bolsonaro! - Gazeta do Povo

[12/02/2026 06:28] Senado da Argentina aprova reforma trabalhista de Milei - Jovem Pan

[12/02/2026 05:49] Por que Rússia tentou 'bloquear completamente' WhatsApp no país - BBC

[12/02/2026 11:35] Ataque a padaria: suspeito foi trabalhar após matar três, diz testemunha - Rádio Itatiaia

[12/02/2026 16:46] Frente fria quebrará sequência de dias de forte calor com chuva e temporais - MetSul Meteorologia

[12/02/2026 04:00] Mãe de adolescente indiciado por morte de Orelha diz que família precisa 'se defender até do inimaginável' - Folha de S.Paulo

[11/02/2026 20:12] Alckmin cogita deixar a vida pública caso perca vaga de vice em chapa presidencial - Brasil 247

[CVE-2025-62371] [Modified: 04-12-2025] [Analyzed] [V3.1 S7.4:HIGH] OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypasses SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks. The vulnerability affects connections to OpenSearch when the cert parameter is not explicitly provided. This issue has been patched in version 2.12.2. As a workaround, users can add the cert parameter to their OpenSearch sink or source configuration with the path to the cluster's CA certificate.

[CVE-2025-11832] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

[CVE-2025-11619] [Modified: 03-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.

[CVE-2025-43281] [Modified: 16-10-2025] [Analyzed] [V3.1 S8.4:HIGH] The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.

[CVE-2025-43282] [Modified: 16-10-2025] [Analyzed] [V3.1 S5.5:MEDIUM] A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.

[CVE-2025-43313] [Modified: 16-10-2025] [Analyzed] [V3.1 S5.5:MEDIUM] A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.

[CVE-2025-62579] [Modified: 28-10-2025] [Analyzed] [V3.1 S7.8:HIGH] ASDA-Soft Stack-based Buffer Overflow Vulnerability

[CVE-2025-62580] [Modified: 28-10-2025] [Analyzed] [V3.1 S7.8:HIGH] ASDA-Soft Stack-based Buffer Overflow Vulnerability

[CVE-2025-0274] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

[CVE-2025-0275] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

[CVE-2025-55084] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.

[CVE-2025-55089] [Modified: 20-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets

[CVE-2025-55090] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.

[CVE-2025-62583] [Modified: 21-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.

[CVE-2025-62584] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.

[CVE-2025-62585] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.

[CVE-2025-41018] [Modified: 21-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.

[CVE-2025-41020] [Modified: 21-10-2025] [Analyzed] [V3.1 S7.5:HIGH] Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.

[CVE-2025-41021] [Modified: 21-10-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

[CVE-2025-55091] [Modified: 21-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.