CVE-2026-28338

PMD is affected in versions prior to 7.22.0 where the legacy report formats vbhtml and yahtml insert rule-violation messages into HTML without escaping, causing potential cross-site scripting if untrusted source code contains crafted strings. The vulnerability does not affect the default html for...

PT-2026-22398

Name of the Vulnerable Software and Affected Versions PMD versions prior to 7.22.0 Description PMD, a static code analyzer, contains a flaw where its vbhtml and yahtml report formats do not properly escape characters when inserting rule violation messages into HTML output. Analyzing untrusted...

Exploit for Generation of Error Message Containing Sensitive Information in Postgresql

This is a PoC exploit for CVE-2021-3393, a Java source code static code analysis and danger function identifier program. The tool, named JavaID, identifies dangerous functions in Java source code by way of regular matching. It targets Java vulnerabilities such as XXE, Java Object Deserialization,...

Client-Side Zero-Shot LLM Inference for Comprehensive In-Browser URL Analysis

Malicious websites and phishing URLs pose an ever-increasing cybersecurity risk, with phishing attacks growing by 40% in a single year. Traditional detection approaches rely on machine learning classifiers or rule-based scanners operating in the cloud, but these face significant challenges in...

CVE-2025-23215

PMD Designer’s release signing keys were found with passphrases exposed in Maven Central jars. The two compromised keys (94A5 2756 9CAF 7A47 AFCA BDE4 86D3 7ECA 8C2E 4C5B and EBB2 41A5 45CB 17C8 7FAC B2EB D0BF 1D73 7C9A 1C22) have been revoked; signatures on past artifacts remain valid, and the g...

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...

libssh security update

0.9.6-14 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol BPP - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...

Fedora: Security Advisory for jcip-annotations (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jcip-annotations-1-43.20060626.fc40

This package provides class, field, and method level annotations for describing thread-safety policies. These annotations are relatively unintrusive and are beneficial to both users and maintainers. Users can see immediately whether a class is thread-safe, and maintainers can see immediately...

HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI

Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is her...

APKHunt - Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their cod...

SQL Injection inside category creation (checkIfCategoryExists)

Description A user with the permission to Add category can abuse this feature to execute his own SQL queries. Proof of Concept Static code analysis The vulnerable php code is : php public function checkIfCategoryExistsarray $categoryData: int $query = sprintf "SELECT name from %sfaqcategories WHE...

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj pronounced package is a command line CLI tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

detekt 代码问题漏洞

detekt is a static code analysis tool for the Kotlin programming language. A security vulnerability exists in detekt that stems from an improperly restricted XML external entity reference...

Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C,C++,GO,Python,javascript,Swift,PHP,Ruby,ASP,Kotlin,Dart and Java.you can create your rules video How too install, step by step:...

Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects securi ty and compliance misconfigurations using graph-based...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

Bughound - Static Code Analysis Tool Based On Elasticsearch

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...

Design/Logic Flaw

Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically...