[20/04/2026 23:48] Quem é Marcelo Ivo, delegado da PF expulso dos EUA - Poder360

[20/04/2026 15:26] Dino defende reforma do Judiciário com penas mais rigorosas para corrupção de juízes - O Globo

[20/04/2026 10:58] Gilmar pede a inclusão de Zema no inquérito das fake news - CartaCapital

[20/04/2026 07:53] Irã confirma que não tem planos de participar de novas negociações por paz com os EUA - Correio do Povo

[20/04/2026 16:51] Desembargadora que reclamou de corte em penduricalhos tem carro de R$ 175 mil pago pelo tribunal - Metrópoles

[20/04/2026 13:02] Lula: Brasil pode se transformar na Arábia Saudita do biocombustível - CNN Brasil

[20/04/2026 18:59] Empresa propõe evacuar famílias de área atingida por queda de muro do Aeroporto - O POVO+

[20/04/2026 17:30] Sóstenes critica proposta do PT para o STF e cita 'conveniência política' - Correio Braziliense

[20/04/2026 16:44] Professor brasileiro desaparecido é achado morto em Buenos Aires - Estado de Minas

[20/04/2026 11:11] Caso Henry Borel: Monique Medeiros se entrega à polícia do RJ - Jovem Pan

[CVE-2025-12514] [Modified: 26-01-2026] [Analyzed] [V3.1 S7.2:HIGH] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-54890] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19, from 23.10.0 before 23.10.29.

[CVE-2025-8460] [Modified: 26-01-2026] [Analyzed] [V3.1 S6.8:MEDIUM] Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.

[CVE-2025-14273] [Modified: 29-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

[CVE-2025-67826] [Modified: 02-01-2026] [Analyzed] [V3.1 S7.7:HIGH] An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.

[CVE-2025-67443] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.

[CVE-2025-68333] [Modified: 26-02-2026] [Analyzed] [V3.1 S5.5:MEDIUM] In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix possible deadlock in the deferred_irq_workfn() For PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in the per-cpu irq_work/* task context and not disable-irq, if the rq returned by container_of() is current CPU's rq, the following scenarios may occur: lock(&rq->__lock); <Interrupt> lock(&rq->__lock); This commit use IRQ_WORK_INIT_HARD() to replace init_irq_work() to initialize rq->scx.deferred_irq_work, make the deferred_irq_workfn() is always invoked in hard-irq context.

[CVE-2025-65270] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.

[CVE-2025-67289] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

[CVE-2025-68645] [Modified: 23-01-2026] [Analyzed] [V3.1 S8.8:HIGH] A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.

[CVE-2024-25814] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.

[CVE-2024-35321] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.

[CVE-2025-26787] [Modified: 05-01-2026] [Analyzed] [V3.1 S4.7:MEDIUM] An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user with a valid and trusted client auth certificate to connect. Admins can then set more restricted access to specific certificates. A logic error caused this admin CLI command to be run on each restart of the container instead of only the first startup as intended resetting the configuration to "allowany".

[CVE-2025-63662] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.

[CVE-2025-63663] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

[CVE-2025-63664] [Modified: 05-01-2026] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.

[CVE-2024-25812] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.

[CVE-2024-27708] [Modified: 02-01-2026] [Analyzed] [V3.1 S9.6:CRITICAL] Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.

[CVE-2025-65790] [Modified: 05-01-2026] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline <script> element, the browser executes the attacker-controlled JavaScript.

[CVE-2025-65837] [Modified: 05-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.