Bitcoin Core version 29.3 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-33110] [Modified: 24-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

[CVE-2025-52881] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.5:HIGH] runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

[CVE-2025-64174] [Modified: 04-02-2026] [Analyzed] [V3.1 S4.8:MEDIUM] Magento-lts is a long-term support alternative to Magento Community Edition (CE). Versions 20.15.0 and below are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin with direct database access or the admin notification feed source to inject malicious scripts into vulnerable fields. Unescaped translation strings and URLs are printed into contexts inside app/code/core/Mage/Adminhtml/Block/Notification/Grid/Renderer/Actions.php. A malicious translation or polluted data can inject script. This issue is fixed in version 20.16.0.

[CVE-2025-64326] [Modified: 04-12-2025] [Analyzed] [V3.1 S2.6:LOW] Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed in version 5.14.1.

[CVE-2025-64327] [Modified: 21-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability in its `/api/ping?url=` endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This can include discovering ports open on the local machine, hosts on the local network, and ports open on the hosts on the internal network. This issue is fixed in version 0.6.8.

[CVE-2025-11205] [Modified: 13-11-2025] [Analyzed] [V3.1 S8.8:HIGH] Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

[CVE-2025-11206] [Modified: 13-11-2025] [Analyzed] [V3.1 S7.1:HIGH] Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

[CVE-2025-11207] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11208] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11209] [Modified: 13-11-2025] [Analyzed] [V3.1 S8.2:HIGH] Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11210] [Modified: 13-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11211] [Modified: 13-11-2025] [Analyzed] [V3.1 S7.5:HIGH] Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11212] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11213] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11215] [Modified: 13-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

[CVE-2025-11216] [Modified: 13-11-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

[CVE-2025-11219] [Modified: 13-11-2025] [Analyzed] [V3.1 S3.1:LOW] Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)

[CVE-2025-64176] [Modified: 21-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8.

[CVE-2025-64177] [Modified: 21-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting (XSS) vulnerability in the dashboard, which can be exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme filtering. This is fixed in version 0.6.8.

[CVE-2025-11458] [Modified: 25-11-2025] [Analyzed] [V3.1 S8.1:HIGH] Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)