Blog
Sonar's latest blog posts
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
WordPress 5.8.2 Stored XSS Vulnerability
We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.
Read Blog post >
Vulnerability Research Highlights 2021
Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.
Read Blog post >
Modernizing your code with C++20
C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarLint, SonarQube and SonarCloud can help us modernize our code to take advantage of some of the new features.
Read Blog post >
NodeBB 1.18.4 - Remote Code Execution With One Shot
We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!
Read Blog post >
Code Security Advent Calendar 2021
Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!
Read Blog post >
10 Unknown Security Pitfalls for Python
In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.
Read Blog post >
Agent 008: Chaining Vulnerabilities to Compromise GoCD
We discovered 3 more code vulnerabilities in the popular GoCD CI/CD system that can be chained by attackers to leak or modify internal code. Learn more in this blog post.
Read Blog post >
SmartStoreNET - Malicious Message leading to E-Commerce Takeover
Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!
Read Blog post >
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Read Blog post >
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud.
Read Blog post >
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.
Read Blog post >