CVE-2025-66035 - XSRF Token Leak in Angular via Protocol-Relative URLs
A new critical vulnerability—CVE-2025-66035—has been found in Angular’s popular HttpClient, affecting versions prior to 19.2.16, 20.3.14, and 21.
CVE-2025-64149 - Exploiting CSRF in Jenkins Publish to Bitbucket Plugin to Steal Credentials
A new vulnerability has been discovered in the hugely popular Jenkins automation server. This bug, CVE-2025-64149, affects the _Publish to Bitbucket Plugin_ version .4 and
CVE-2025-58794 - CSRF Vulnerability in Notification for Telegram (Up to 3.4.6) – How Attackers Can Exploit Your Site
The security world has spotted a major flaw in the popular Notification for Telegram plugin, which affects versions up to 3.4.6. Tracked as
CVE-2025-27820 - How a Tiny Bug in Apache HttpClient 5.4.x Broke Cookie Security and Hostname Checks
In early 2025, the Apache HttpClient team uncovered a subtle but critical bug in their popular HTTP communication library, culminating in the vulnerability tracked as
CVE-2025-24358 - Critical CSRF Protection Bypass in gorilla/csrf (Go)
gorilla/csrf is a popular middleware library that prevents Cross Site Request Forgery (CSRF) attacks in Go web apps and services. If you’re using