Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release. If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-34392] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload.

[CVE-2025-34393] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types.

[CVE-2025-34394] [Modified: 23-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.

[CVE-2025-34395] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.5:HIGH] Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.

[CVE-2025-34410] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.1:HIGH] 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-change request; when a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the victim’s 1Panel username without consent. After the change, the victim is logged out and unable to log in with the previous username, resulting in account lockout and denial of service.

[CVE-2025-34416] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34417] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34418] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIMF.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34419] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISM.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

[CVE-2025-34420] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAM.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34421] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34422] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34423] [Modified: 23-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-34424] [Modified: 17-12-2025] [Analyzed] [V3.1 S7.8:HIGH] MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

[CVE-2025-65803] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.

[CVE-2025-65807] [Modified: 17-12-2025] [Analyzed] [V3.1 S8.4:HIGH] An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.

[CVE-2025-52493] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.

[CVE-2025-65792] [Modified: 17-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.

[CVE-2025-65814] [Modified: 17-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A lack of security checks in the file import process of RHOPHI Analytics LLP Office App-Edit Word v6.4.1 allows attackers to execute a directory traversal.

[CVE-2025-65815] [Modified: 02-01-2026] [Analyzed] [V3.1 S6.5:MEDIUM] A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.