[10/04/2026 02:00] Após quatro votos por eleições indiretas, STF suspendeu julgamento sobre sucessão no Rio; entenda situação no estado - G1

[10/04/2026 08:53] Governo firma acordo com agência dos EUA para combate ao tráfico de armas e drogas - G1

[10/04/2026 10:26] Exército prende militares condenados por trama golpista - Correio Braziliense

[10/04/2026 09:34] Vídeo mostra o momento da explosão de cofre durante ataque a banco em MG - Estado de Minas

[10/04/2026 07:38] O "sonho de consumo" de Flávio para vice - O Antagonista

[09/04/2026 19:24] Quem é o senador que vai relatar o processo de sabatina de Messias - Revista Oeste

[10/04/2026 11:53] Ministro do STF, Gilmar Mendes vota pela ilegalidade do fim das cotas raciais em SC - NSC Total

[10/04/2026 11:25] Racha no PL: senador Jorge Seif rebate Nikolas e cobra 'olho no olho' - Estado de Minas

[09/04/2026 21:50] Em palestra no Fórum da Liberdade, ex-ministro Paulo Guedes defende "desamarrar" o Brasil - GZH

[10/04/2026 12:54] 'Só estão vivos hoje para negociar': Trump faz nova ameaça se diálogo falhar, enquanto Irã impõe condições para negociar - G1

[CVE-2024-40593] [Modified: 12-12-2025] [Analyzed] [V3.1 S6.0:MEDIUM] A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.

[CVE-2025-14265] [Modified: 16-01-2026] [Analyzed] [V3.1 S9.1:CRITICAL] In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.

[CVE-2025-14519] [Modified: 06-01-2026] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14520] [Modified: 09-01-2026] [Analyzed] [V3.1 S5.4:MEDIUM] A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14521] [Modified: 09-01-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-14522] [Modified: 09-01-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-55307] [Modified: 06-01-2026] [Analyzed] [V3.1 S3.3:LOW] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.

[CVE-2025-55308] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory corruption, potentially resulting in information disclosure when the PDF is opened.

[CVE-2025-55309] [Modified: 06-01-2026] [Analyzed] [V3.1 S6.7:MEDIUM] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.

[CVE-2025-55310] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.3:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.

[CVE-2025-55312] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

[CVE-2025-55313] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file.

[CVE-2025-55314] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.8:HIGH] An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

[CVE-2025-59802] [Modified: 18-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

[CVE-2025-59803] [Modified: 15-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

[CVE-2025-67739] [Modified: 23-12-2025] [Analyzed] [V3.1 S3.1:LOW] In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

[CVE-2025-67740] [Modified: 15-12-2025] [Analyzed] [V3.1 S2.7:LOW] In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

[CVE-2025-67741] [Modified: 15-12-2025] [Analyzed] [V3.1 S4.6:MEDIUM] In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

[CVE-2025-67742] [Modified: 15-12-2025] [Analyzed] [V3.1 S3.8:LOW] In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

[CVE-2024-8273] [Modified: 19-02-2026] [Analyzed] [V3.1 S8.8:HIGH] Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.