diff --git a/api/routes/wp-monitor.ts b/api/routes/wp-monitor.ts
index 2f35c48..e8f1d6c 100755
--- a/api/routes/wp-monitor.ts
+++ b/api/routes/wp-monitor.ts
@@ -58,9 +58,10 @@ router.get('/', validateApiKey, async (req: Request, res: Response) => {
       total: result.length,
       timestamp: new Date().toISOString()
     })
-  } catch (error) {
-    console.error('WP Monitor GET error:', error)
-    res.status(500).json({ error: 'Database error', message: (error as Error).message })
+  } catch (error: unknown) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    console.error('WP Monitor GET error:', message)
+    res.status(500).json({ error: 'Database error', message })
   }
 })
 
@@ -105,9 +106,10 @@ router.post('/', validateApiKey, validateRequest(wpMonitorSchema), async (req: R
       status,
       timestamp: new Date().toISOString()
     })
-  } catch (error) {
-    console.error('WP Monitor POST error:', error)
-    res.status(500).json({ error: 'Database error', message: (error as Error).message })
+  } catch (error: unknown) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    console.error('WP Monitor POST error:', message)
+    res.status(500).json({ error: 'Database error', message })
   }
 })
 
diff --git a/api/services/server-metrics.ts b/api/services/server-metrics.ts
index 2ce53d4..1f7e4aa 100755
--- a/api/services/server-metrics.ts
+++ b/api/services/server-metrics.ts
@@ -136,13 +136,15 @@ function executeSSH(server: SSHServer, command: string): Promise<string> {
       readyTimeout: 15000,
       algorithms: {
         kex: [
+          // Algoritmos modernos (Vulnerabilidade 3.6)
+          'curve25519-sha256',
+          'curve25519-sha256@libssh.org',
           'ecdh-sha2-nistp256',
           'ecdh-sha2-nistp384',
           'ecdh-sha2-nistp521',
           'diffie-hellman-group-exchange-sha256',
-          'diffie-hellman-group14-sha256',
-          'diffie-hellman-group14-sha1',
-          'diffie-hellman-group1-sha1'
+          'diffie-hellman-group14-sha256'
+          // REMOVIDOS (inseguros): diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
         ]
       }
     })
diff --git a/src/App.tsx b/src/App.tsx
index b59d436..f2fe08f 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -4,6 +4,7 @@ import {
   Calendar,
   CalendarDays,
   AlertTriangle,
+  AlertCircle,
   Clock,
   Zap,
   RefreshCw,
@@ -420,6 +421,7 @@ function App() {
   const [data, setData] = useState<DashboardData | null>(null)
   const [loading, setLoading] = useState(true)
   const [refreshing, setRefreshing] = useState(false)
+  const [error, setError] = useState<string | null>(null)
   const [mobileMenuOpen, setMobileMenuOpen] = useState(false)
 
   const fetchData = useCallback(async () => {
@@ -431,7 +433,13 @@ function App() {
       setData(json)
     } catch (error) {
       console.error('Failed to fetch dashboard data:', error)
-      setData(getMockData())
+
+      // Mock data apenas em desenvolvimento (Vulnerabilidade 3.2)
+      if (import.meta.env.DEV) {
+        setData(getMockData())
+      } else {
+        setError('Não foi possível carregar os dados. Tente novamente.')
+      }
     } finally {
       setLoading(false)
       setRefreshing(false)
@@ -470,6 +478,35 @@ function App() {
     )
   }
 
+  // Error state (Vulnerabilidade 3.2)
+  if (error) {
+    return (
+      <div className="min-h-screen bg-mesh flex items-center justify-center">
+        <motion.div
+          initial={{ opacity: 0, y: 20 }}
+          animate={{ opacity: 1, y: 0 }}
+          className="text-center max-w-md mx-auto px-6"
+        >
+          <div className="w-20 h-20 rounded-2xl bg-red-500/10 flex items-center justify-center mx-auto mb-6 border border-red-500/20">
+            <AlertCircle className="w-10 h-10 text-red-500" />
+          </div>
+          <h2 className="text-xl font-semibold text-white mb-2">Erro ao Carregar</h2>
+          <p className="text-zinc-400 mb-6">{error}</p>
+          <button
+            onClick={() => {
+              setError(null)
+              setLoading(true)
+              fetchData()
+            }}
+            className="px-6 py-3 bg-brand-500 hover:bg-brand-600 text-white rounded-xl transition-colors"
+          >
+            Tentar Novamente
+          </button>
+        </motion.div>
+      </div>
+    )
+  }
+
   if (!data) return null
 
   return (