Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

The misuse of Java security APIs is a serious security problem in software development. Research in 2024 has shown that this problem is widespread in LLM-generated code. However, it remains unclear whether this phenomenon persists in current models and how external security knowledge affects it...

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the V1 vi...

An Empirical Evaluation of LLM-Generated Code Security across Prompting Methods

The growing use of Large Language Models LLMs for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to issues such as weak encryption and improper input validation...

Security Incentivization: An Empirical Study of How Micropayments Impact Code Security

Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates...

Bringing AI Code Security into Qualys ETM

A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic's Claude Code Security and OpenAI's Codex Security are the leading examples, and more will follow. These tools reason about source code at a depth that traditional SAST cann...

Closing the Security Gap in the Age of Agentic Coding

AI agents are writing more and more code. Ensure it's secure. Learn how Wiz Code plugins and the Green Agent bring machine-speed remediation to your AI-IDE...

How exposed is your code? Find out in minutes—for free

Most security leaders share the same suspicion: there are vulnerabilities in our codebase that we don't know about. The uncomfortable truth is that most code never gets a thorough security review. Vulnerabilities accumulate quietly in active repositories, across languages and teams, often...

CVE-2026-34566 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

VibeGuard: A Security Gate Framework for AI-Generated Code

"Vibe coding," in which developers delegate code generation to AI assistants and accept the output with little manual review, has gained rapid adoption in production settings. On March 31, 2026, Anthropic's Claude Code CLI shipped a 59.8 MB source map file in its npm package, exposing roughly...

Agentic-Security-Code-Review

🔍 Agentic Security Code Review !Claude Codehttps://img.sh...

GitHub expands application security coverage with AI‑powered detections

AI is accelerating software development and expanding the range of languages and frameworks used in modern repositories. Security teams are increasingly responsible for protecting code written across many ecosystems, not just the core enterprise languages traditionally covered by static analysis...

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...

The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience

The ongoing shortage of skilled developers, particularly in security-critical software development, has led organizations to increasingly adopt AI-powered development tools to boost productivity and reduce reliance on limited human expertise. These tools, often based on large language models, aim...

xygeni-action 安全漏洞

Oxyni-action is a GitHub code security scanning workflow plugin developed by Xygeni. Oxyni-action has a security vulnerability that stems from tag poisoning, which can lead to supply chain attacks, allowing attackers to execute arbitrary commands on the CI runner...

TOSSS: A CVE-Based Software Security Benchmark for Large Language Models

With their increasing capabilities, Large Language Models LLMs are now used across many industries. They have become useful tools for software engineers and support a wide range of development tasks. As LLMs are increasingly used in software development workflows, a critical question arises: are...

CISOs in a Pinch: A Security Analysis of OpenClaw

Learn how Claude Code Security set Cybersecurity stocks on fire...

Claude Code Security set the Cybersecurity Stocks on Fire - Here's the Signal in the Smoke

Learn how Claude Code Security set Cybersecurity stocks on fire...

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...