Aggregator

A vulnerability, which was classified as critical, was found in Jenkins Cadence vManager Plugin up to 4.0.0-282.v5096a_c2db_275. This affects an unknown part of the file config.xml of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-31724. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Jenkins Templating Engine Plugin up to 2.5.3. Affected by this issue is some unknown functionality. The manipulation leads to sandbox issue. This vulnerability is handled as CVE-2025-31722. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in monitor-remote-job Plugin 1.0 on Jenkins. Affected by this vulnerability is an unknown functionality of the file config.xml of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is known as CVE-2025-31725. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Jenkins. Affected is an unknown function. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-31721. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Jenkins up to 2.492.2/2.503. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2025-31720. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-56474. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1. It has been declared as problematic. This vulnerability affects unknown code of the component Web UI. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-56475. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM TXSeries for Multiplatforms 9.1/11.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2024-56476. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM TXSeries for Multiplatforms 9.1/11.1. Affected is an unknown function. The manipulation leads to improper neutralization of http headers for scripting syntax. This vulnerability is traded as CVE-2025-0154. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Jazz Reporting Service 7.0.2/7.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session expiration. This vulnerability is known as CVE-2024-25051. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM Content Navigator 3.0.11/3.0.15/3.1.0. This issue affects some unknown processing of the component Web UI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-56341. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

一个网络安全创业者的2024年总结 by kelvin2294

编码问题引起的RCE分析 by ourren

SecWiki周刊（第578期) by ourren

基于代理访问网站行为动态性的新型网络隐信道 by ourren

更多最新文章，请访问SecWiki

根据消防公司 Fire Rover 的数据，美国和加拿大在 2024 年发生了 2,910 起垃圾和回收设施火灾，比 2023 年的 1,809 起增加了 60%，是 2022 年 1,409 起火灾的两倍多。垃圾和回收设施的火灾有半数估计是锂离子电池引起的。锂离子电池已经无处不在，其体积较小容易被人忽视。而锂离子电池垃圾的一个重要来源是电子烟，美国每年丢弃了多达 12 亿支电子烟。

On the heels of our DMARC adoption research in Europe’s higher education sector, we’re taking a look to see how schools in the Asia Pacific region are faring with their email security.

The post DMARC Adoption among APAC’s Higher Education Sector appeared first on Security Boulevard.

Регулятор расширяет арсенал: новый метод против похитителей денег граждан.

Recent announcements by major North American mobile service providers are once again putting carrier aggregation in the spotlight. On January 7, 2025, Verizon announced the achievement of 5.5Gbps download speeds—"the equivalent of downloading 266 Taylor Swift albums a minute or streaming 3,056 Hulu episodes per hour.”...

A cyber threat actor has claimed to have leaked 144GB of data from Royal Mail users