Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-5w52-96jj-fv59: Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.

ghsa
Open in Source
#csrf#vulnerability#auth
GHSA-rf73-97j8-9vqh: Jenkins Cadence vManager Plugin is Missing Permission Checks

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

GHSA-cp9r-g575-xc5f: Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

GHSA-xrpq-4g9w-qrwj: Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.

GHSA-pwm3-776c-8q7q: BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.1.0.

Google to pay $1.38 billion over privacy violations

The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two lawsuits concerning the use of consumers' data.

Android users bombarded with unskippable ads

The Kaleidoscope ad fraud network uses a combination of legitimate and malicious apps, according to researchers.

The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge

Following a WIRED inquiry, Telegram banned thousands of accounts used for crypto-scam money laundering, including those of Haowang Guarantee, a black market that enabled over $27 billion in transactions.

RaaS Explained: How Cybercriminals Are Scaling Attacks Like Startups

There is a lot of money in cyberattacks like ransomware, and unfortunately for organizations of all sizes, the…

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to