137 matches found
ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.27.0), com.jpinpoint.sonar:sonar-pmd-jpinpoint (>=2.0.0 <=2.1.1) +116 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=7.0.0-rc1 <=7.21.0)
net.sourceforge.pmd:pmd-core MAVEN version =7.0.0-rc1, =1.6.0, =2.0.0, =0.25.1, =0.25.1, =1.0.0, =0.5.6, =0.5.41, =12.2.0, =3.31.0, =0.7.0, =0.67.2, =0.67.2, =2.0.0, =0.1.0, =0.1.19 and more Source cves: CVE-2026-28338 Source advisory: SNYK:JAVA-NETSOURCEFORGEPMD-15365925...
CVE-2019-12752
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, sonar-scanner-cli, trino, cassandra, akhq, nextflow, cassandra-reaper, dependency-track, kserve-modelmesh, management-api-for-apache-cassandra-5.0, thingsboard, zookeeper, apache-nifi...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, sonar-scanner-cli, trino, cassandra, akhq, nextflow, cassandra-reaper, dependency-track, kserve-modelmesh, management-api-for-apache-cassandra-5.0, thingsboard, zookeeper, apache-nifi...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: sonar-scanner-cli, cassandra, nacos-docker, nacos, localstack, dependency-track, kserve-modelmesh, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, nextflow, apache-nifi, knative-kafka-broker, trino, zookeeper,...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: sonar-scanner-cli, cassandra, nacos-docker, nacos, localstack, dependency-track, kserve-modelmesh, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, nextflow, apache-nifi, knative-kafka-broker, trino, zookeeper,...
EUVD-2019-4338
Malware in sbrugna...
EUVD-2021-18422
Malware in sbrugna...
EUVD-2022-6439
Malicious code in bioql PyPI...
EUVD-2022-2776
Malicious code in bioql PyPI...
EUVD-2022-7681
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-31523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to ga...
CVE-2025-48924 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, apache-tika, gradle, wildfly, spdx-tools-java, flyway, dependency-track, management-api-for-apache-cassandra-5.0, nrjmx, zipkin, thingsboard, solr, apicurio-registry, cassandra, akhq, keycloak-config-cli, kserve-modelmesh, jenkins-plugin-manager...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: apache-nifi-registry, apache-tika, gradle, wildfly, spdx-tools-java, flyway, dependency-track, management-api-for-apache-cassandra-5.0, nrjmx, zipkin, thingsboard, solr, apicurio-registry, cassandra, akhq, keycloak-config-cli, kserve-modelmesh, jenkins-plugin-manager...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: confluent-kafka-jre-bcfips, sonar-scanner-cli, apache-tika, cassandra, apache-activemq-artemis, keycloak-config-cli, camunda-zeebe, opensearch, localstack, dependency-track, infinispan, kserve-modelmesh, management-api-for-apache-cassandra-4.0,...
Friday Squid Blogging: US Naval Ship Attacked by Squid in 1978
Interesting story: USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome's rubber "NOFOUL" coating. In some areas, the coating was described as being...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2022-46688
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
Malicious code in ig-sonar-runner (npm)
Source: ghsa-malware 678d2f9e7e569b552fb1c7141755f6c84ec21e62122d3167be78aca0bd1ee2e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-578 Malicious code in ig-sonar-runner (npm)
Source: ghsa-malware 678d2f9e7e569b552fb1c7141755f6c84ec21e62122d3167be78aca0bd1ee2e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...