[05/03/2026 08:22] Irã lança ataque contra múltiplos alvos na região e Europa amplia esforços de defesa em 6º dia de guerra - O Globo

[05/03/2026 02:51] Irã nega ter disparado míssil em direção à Turquia e afirma respeitar a soberania do país - G1

[04/03/2026 13:51] Gleisi: operação da PF contra Vorcaro expõe corrupção de Bolsonaro e Campos Neto - Brasil 247

[04/03/2026 10:05] EUA estão vencendo a guerra contra o Irã, diz secretário de Trump - G1

[04/03/2026 20:08] Aumento gradual da licença-paternidade vai à sanção presidencial - Senado Federal

[05/03/2026 08:42] CNJ aposenta juiz que teve 'relação íntima' com advogado de facção e não declarou suspeição - O Globo

[04/03/2026 22:01] Veja a lista dos deputados que votaram contra a PEC da Segurança Pública - CartaCapital

[05/03/2026 07:54] Prisão de José Dumont, 75 anos: revelados detalhes chocantes e nojentos de abuso sexual do ator da novela 'Terra Nostra' contra menor de idade - purepeople.com.br

[04/03/2026 21:14] Israel ataca alvos do Hezbollah em Beirute - CNN Brasil

[05/03/2026 10:40] Ex-militar dos EUA tem braço quebrado após protestar contra guerra no Irã - CNN Brasil

[CVE-2025-20289] [Modified: 19-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device.

[CVE-2025-20303] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device.

[CVE-2025-20304] [Modified: 19-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device.

[CVE-2025-20305] [Modified: 19-11-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrator privileges could exploit this vulnerability by performing actions where the results should only be viewable to a high-privileged user. A successful exploit could allow the attacker to view passwords that are normally not visible to read-only administrators.

[CVE-2025-20343] [Modified: 19-11-2025] [Analyzed] [V3.1 S8.6:HIGH] A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.

[CVE-2025-20354] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

[CVE-2025-20358] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.4:CRITICAL] A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account.

[CVE-2025-20374] [Modified: 17-11-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

[CVE-2025-20375] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

[CVE-2025-20376] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid administrative credentials.

[CVE-2025-30479] [Modified: 07-11-2025] [Analyzed] [V3.1 S8.4:HIGH] Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.

[CVE-2025-43990] [Modified: 21-01-2026] [Analyzed] [V3.1 S7.3:HIGH] Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

[CVE-2025-45378] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.

[CVE-2025-45379] [Modified: 07-11-2025] [Analyzed] [V3.1 S8.4:HIGH] Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.

[CVE-2025-46364] [Modified: 07-11-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.

[CVE-2025-46365] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.

[CVE-2025-46366] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information.

[CVE-2025-46424] [Modified: 07-11-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service.

[CVE-2025-57244] [Modified: 07-11-2025] [Analyzed] [V3.1 S5.4:MEDIUM] OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

[CVE-2025-59716] [Modified: 07-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.