[08/04/2026 08:16] Estreito de Ormuz volta a ter movimentação intensa após trégua; VEJA - G1

[08/04/2026 11:06] "Centenas de mortos e feridos" no Líbano em ataque israelense, diz governo - CNN Brasil

[08/04/2026 11:35] Lula diz que caso Master afeta a imagem do STF e revela conversa com Moraes: 'Não permita que Vorcaro jogue fora sua biografia' - oglobo.globo.com

[08/04/2026 12:26] Irã empareda Israel por ataques ao Líbano e pode abandonar cessar-fogo - Brasil 247

[08/04/2026 07:24] EUA e Irã declaram vitória em trégua de duas semanas - Correio do Povo

[08/04/2026 13:25] Lula x Flávio: a nova pesquisa CNT/MDA sobre a disputa pela Presidência - CartaCapital

[08/04/2026 14:15] 'Não decidi se vou ser candidato ainda', diz Lula - Valor Econômico

[08/04/2026 13:03] Polícia Civil prende enfermeira por venda ilegal de canetas emagrecedoras em Casa Branca - Portal da Cidade - Casa Branca / SP

[08/04/2026 13:53] Polícia prende universitário suspeito de estuprar adolescente durante encontro em bar em Botafogo - G1

[08/04/2026 04:10] STF decide hoje se eleição no RJ será direta ou indireta - CNN Brasil

[CVE-2024-56464] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.7:LOW] IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

[CVE-2025-10573] [Modified: 11-12-2025] [Analyzed] [V3.1 S9.6:CRITICAL] Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

[CVE-2025-12381] [Modified: 17-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file.  This issue affects Firewall Analyzer: A33.0, A33.10.

[CVE-2025-12558] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'get_attachment_sizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the path and meta data of private attachments, which can be used to view the attachments.

[CVE-2025-13428] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.2:HIGH] A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

[CVE-2025-13659] [Modified: 11-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

[CVE-2025-13661] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

[CVE-2025-13662] [Modified: 11-12-2025] [Analyzed] [V3.1 S7.8:HIGH] Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.

[CVE-2025-14284] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload into these attributes, which is then triggered either by user interaction.

[CVE-2025-14286] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-14307] [Modified: 05-01-2026] [Analyzed] [V3.1 S8.1:HIGH] An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

[CVE-2025-14308] [Modified: 05-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.

[CVE-2025-14322] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.0:HIGH] Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14323] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14328] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14329] [Modified: 10-12-2025] [Analyzed] [V3.1 S8.8:HIGH] Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14331] [Modified: 10-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

[CVE-2025-14332] [Modified: 10-12-2025] [Analyzed] [V3.1 S7.3:HIGH] Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.

[CVE-2025-14345] [Modified: 11-12-2025] [Analyzed] [V3.1 S4.2:MEDIUM] A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordination logic to misinterpret the transaction as committed, resulting in inconsistent state on those shards. This may lead to low integrity and availability impact. This issue impacts MongoDB Server v8.0 versions prior to 8.0.16, MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB server v8.2 versions prior to 8.2.2.

[CVE-2025-40806] [Modified: 02-01-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.