136 matches found
ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.27.0), com.jpinpoint.sonar:sonar-pmd-jpinpoint (>=2.0.0 <=2.1.1) +116 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=7.0.0-rc1 <=7.21.0)
net.sourceforge.pmd:pmd-core MAVEN version =7.0.0-rc1, =1.6.0, =2.0.0, =0.25.1, =0.25.1, =1.0.0, =0.5.6, =0.5.41, =12.2.0, =3.31.0, =0.7.0, =0.67.2, =0.67.2, =2.0.0, =0.1.0, =0.1.19 and more Source cves: CVE-2026-28338 Source advisory: SNYK:JAVA-NETSOURCEFORGEPMD-15365925...
CVE-2019-12752
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass vulnerability which could potentially allow an attacker to circumvent the existing tamper protection in use on the resident system...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: cassandra-reaper, nextflow, sonar-scanner-cli, trino, cassandra, dependency-track, thingsboard, zookeeper, akhq, management-api-for-apache-cassandra-5.0, apache-nifi-registry, apache-nifi, kserve-modelmesh...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: cassandra-reaper, nextflow, sonar-scanner-cli, trino, cassandra, dependency-track, thingsboard, zookeeper, akhq, management-api-for-apache-cassandra-5.0, apache-nifi-registry, apache-nifi, kserve-modelmesh...
CVE-2025-11226 vulnerabilities
Vulnerabilities for packages: knative-kafka-broker-fips, kserve-modelmesh, thingsboard, cassandra, akhq, nacos-docker, nextflow, nacos, trino, management-api-for-apache-cassandra-4.1, cassandra-reaper, sonar-scanner-cli, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-5.0,...
GHSA-25QH-J22F-PWP8 vulnerabilities
Vulnerabilities for packages: knative-kafka-broker-fips, kserve-modelmesh, thingsboard, cassandra, akhq, nacos-docker, nextflow, nacos, trino, management-api-for-apache-cassandra-4.1, cassandra-reaper, sonar-scanner-cli, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-5.0,...
EUVD-2021-18422
Malware in sbrugna...
EUVD-2019-4338
Malware in sbrugna...
EUVD-2022-2776
Malicious code in bioql PyPI...
EUVD-2022-7681
Malicious code in bioql PyPI...
EUVD-2022-6439
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-31523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to ga...
CVE-2025-48924 vulnerabilities
Vulnerabilities for packages: spdx-tools-java, sonar-scanner-cli, wildfly, management-api-for-apache-cassandra-5.0, apache-nifi-registry, kserve-modelmesh, gradle, jenkins-plugin-manager, apache-activemq-artemis, apache-tika, apicurio-registry, apache-nifi, cassandra-reaper, cassandra, opensearch...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: spdx-tools-java, sonar-scanner-cli, wildfly, management-api-for-apache-cassandra-5.0, apache-nifi-registry, kserve-modelmesh, gradle, jenkins-plugin-manager, apache-activemq-artemis, apache-tika, apicurio-registry, apache-nifi, cassandra-reaper, cassandra, opensearch...
GHSA-J288-Q9X7-2F5V vulnerabilities
Vulnerabilities for packages: leiningen, confluent-kafka, apache-hop, camunda-zeebe, apicurio-registry, cassandra-fips, kserve-modelmesh, neo4j, thingsboard, maven-stage0, wildfly, kafka, cassandra, akhq, opensearch, jenkins-plugin-manager, nrjmx, liquibase, nextflow, py3-vllm-cuda-12.4, ghidra,...
Friday Squid Blogging: US Naval Ship Attacked by Squid in 1978
Interesting story: USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome's rubber "NOFOUL" coating. In some areas, the coating was described as being...
CVE-2024-47161
In JetBrains TeamCity before 2024.07.3, a password could be exposed via the Sonar runner REST API...
CVE-2022-46688
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
Malicious code in ig-sonar-runner (npm)
Source: ghsa-malware (678d2f9e7e569b552fb1c7141755f6c84ec21e62122d3167be78aca0bd1ee2e7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-578 Malicious code in ig-sonar-runner (npm)
Source: ghsa-malware (678d2f9e7e569b552fb1c7141755f6c84ec21e62122d3167be78aca0bd1ee2e7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...