Security
Headlines
HeadlinesLatestCVEs

Tag

#jira

GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide

New York, NY, 14th January 2026, CyberNewsWire

HackRead
Open in Source
#mac#git#jira
GHSA-2g22-wg49-fgv5: XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

### Impact Anyone who has view rights on the `Calendar.JSONService` page, including guest users can exploit this vulnerability by accessing database info or starting a DoS attack. ### Workarounds Remove the `Calendar.JSONService` page. This will however break some functionalities. ### References Jira issue: * [FULLCAL-80: SQL injection through Calendar.JSONService](https://jira.xwiki.org/browse/FULLCAL-80) * [FULLCAL-81: SQL injection through Calendar.JSONService still exists](https://jira.xwiki.org/browse/FULLCAL-81) ### For more information If there are any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email [Security Mailing List](mailto:security@xwiki.org)

GHSA-637h-ch24-xp9m: XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService

### Impact Anyone who has view rights on the `Calendar.JSONService` page, including guest users can exploit this vulnerability by accessing database info, with the exception of passwords. ### Workarounds Remove the `Calendar.JSONService` page. This will however break some functionalities. ### References Jira issue: * [FULLCAL-82: Calendar.JSONService exposes emails of all users](https://jira.xwiki.org/browse/FULLCAL-82) ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)

Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers.

NordVPN Denies Breach After Hacker Claims Access to Salesforce Dev Data

A hacker using the alias 1011 has claimed to breach a NordVPN development server, posting what appears to…

Hacker Claims European Space Agency Breach, Selling 200GB of Data

A hacker using the alias 888 is claiming responsibility for a major data breach affecting the European Space…

GHSA-vww6-79rv-3j4x: Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tickets when victim users interacted with affected posts

GHSA-fmqf-pmcm-8cx9: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to.

Development Team Augmentation: A Strategic Approach for High-Performance Teams

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner.

GHSA-qxh4-j39m-qfx4: Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory.