[15/04/2026 14:40] PF aponta papel de MC Ryan e dono da Choquei em lavagem de dinheiro; veja - CNN Brasil

[15/04/2026 11:32] Governo Lula quer aplicação imediata do fim da escala 6 X 1 - Poder360

[15/04/2026 08:26] Flávio Bolsonaro tem 42%, Lula aparece com 40%, diz Quaest - Correio Braziliense

[14/04/2026 20:12] A popularidade de Lula a menos de 6 meses da eleição, segundo pesquisa MDA - CartaCapital

[15/04/2026 09:06] Irã ameaça navegação no Mar Vermelho se bloqueio dos EUA continuar - CNN Brasil

[15/04/2026 13:10] Vice de Trump diz que Papa Leão XIV deve ter 'cuidado ao falar de teologia' ao rebater críticas a ataque dos EUA ao Irã - O GLOBO

[15/04/2026 14:05] Acidente com carro da TV Band na BR-381 deixa um morto e um ferido - Estado de Minas

[15/04/2026 09:22] Orós, segundo maior açude do Ceará, volta a sangrar em 2026 - Diário do Nordeste

[15/04/2026 07:58] Drone mostra caos no Anel Rodoviário de BH em manhã de acidentes e morte - Rádio Itatiaia

[15/04/2026 09:19] Gilmar Mendes rebate Zema e aponta uso utilitarista do STF por Minas - Correio Braziliense

[CVE-2025-14432] [Modified: 18-12-2025] [Analyzed] [V3.1 S4.9:MEDIUM] In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

[CVE-2025-62329] [Modified: 07-01-2026] [Analyzed] [V3.1 S5.0:MEDIUM] HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

[CVE-2025-64012] [Modified: 31-12-2025] [Analyzed] [V3.1 S4.3:MEDIUM] InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.

[CVE-2025-65318] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

[CVE-2025-65319] [Modified: 31-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

[CVE-2025-65427] [Modified: 31-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.

[CVE-2025-68162] [Modified: 18-12-2025] [Analyzed] [V3.1 S2.7:LOW] In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration

[CVE-2025-68163] [Modified: 18-12-2025] [Analyzed] [V3.1 S3.5:LOW] In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page

[CVE-2025-68164] [Modified: 18-12-2025] [Analyzed] [V3.1 S2.7:LOW] In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test

[CVE-2025-68165] [Modified: 18-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup

[CVE-2025-68166] [Modified: 18-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab

[CVE-2025-68267] [Modified: 18-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token

[CVE-2025-68268] [Modified: 18-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page

[CVE-2025-68269] [Modified: 23-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH

[CVE-2023-53894] [Modified: 21-01-2026] [Analyzed] [V3.1 S9.8:CRITICAL] phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.

[CVE-2023-53895] [Modified: 30-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.

[CVE-2023-53899] [Modified: 30-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.

[CVE-2023-53901] [Modified: 30-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.

[CVE-2023-53902] [Modified: 24-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.

[CVE-2023-53903] [Modified: 24-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.