Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications

New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms...

Secure Coding for Web Applications: Frameworks, Challenges, and the Role of LLMs

Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across...

PT-2025-30619 · Robocode · Robocode

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.23.18 and below Description: Roo Code, an AI-powered autonomous coding agent, does not validate line breaks in its command input. This bypasses the allow-list mechanism due to a lack of parsing or validation logic,...

When Developer Aid Becomes Security Debt: a Systematic Analysis of Insecure Behaviors in LLM Coding Agents

LLM-based coding agents are rapidly being deployed in software development, yet their security implications remain poorly understood. These agents, while capable of accelerating software development, may inadvertently introduce insecure practices. We conducted the first systematic security...

CVE-2025-53536

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...

CVE-2025-53536

Roo Code (AI-powered autonomous coding agent) prior to version 3.22.6 is affected. If a victim had the Write auto-approved mode, an attacker who can submit prompts could write to VS Code settings files and trigger code execution. A concrete example is the php.validate.executablePath setting, wher...

CVE-2025-6274 WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclose...

Secure Vibe Coding: The Complete New Guide

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect...

CVE-2022-50066

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self-aqveci is not checked and then leads to the index out of range error. Also fixed this...

CVE-2022-50051

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVE-2022-50066 net: atlantic: fix aq_vec index out of range error

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self-aqveci is not checked and then leads to the index out of range error. Also fixed this...

CVE-2022-50066

Summary: CVE-2022-50066 affects the Linux kernel’s net/atlantic driver (Aquantia) where the final iteration of a for loop can dereference an out-of-bounds aq_vec entry, causing a UBSAN array-index-out-of-bounds condition. The issue manifests as index 8 being out of range for aq_vec_s *[8] in aq_n...

CVE-2022-50066 net: atlantic: fix aq_vec index out of range error

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aqvec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self-aqveci is not checked and then leads to the index out of range error. Also fixed this...

CVE-2025-47869

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...

SCGAgent: Recreating the Benefits of Reasoning Models for Secure Code Generation with Agentic Workflows

Large language models LLMs have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we...

CVE-2025-5481 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target...

Rules Files for Safer Vibe Coding

Helping LLMs generate safer and more secure code through open-sourced rules files...

HeavyWater and SimplexWater: Watermarking Low-Entropy Text Distributions

Large language model LLM watermarks enable authentication of text provenance, curb misuse of machine-generated text, and promote trust in AI systems. Current watermarks operate by changing the next-token predictions output by an LLM. The updated i.e., watermarked predictions depend on random side...

gstreamer1-plugins-bad-free: mingw-gstreamer1-plugins-bad-free: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

A flaw was found in GStreamer H265 Codec Parsing gstreamer1-plugins-bad-free. This vulnerability allows remote attackers to execute arbitrary code by parsing H265 slice headers...