Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance


WordPress 5.8.2 Stored XSS Vulnerability
We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.
Read Blog post >

Vulnerability Research Highlights 2021
Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.
Read Blog post >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

Modernizing your code with C++20
C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarQube for IDE, SonarQube Server and SonarQube Cloud can help us modernize our code to take advantage of some of the new features.
Read Blog post >

NodeBB 1.18.4 - Remote Code Execution With One Shot
We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!
Read Blog post >

Code Security Advent Calendar 2021
Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!
Read Blog post >

10 Unknown Security Pitfalls for Python
In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.
Read Blog post >

Agent 008: Chaining Vulnerabilities to Compromise GoCD
We discovered 3 more code vulnerabilities in the popular GoCD CI/CD system that can be chained by attackers to leak or modify internal code. Learn more in this blog post.
Read Blog post >

SmartStoreNET - Malicious Message leading to E-Commerce Takeover
Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!
Read Blog post >

Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Read Blog post >

Meet the new project experience for SonarQube Cloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarQube Cloud for all users. You’ll notice a few improvements the next time you open SonarQube Cloud.
Read Blog post >

Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.
Read Blog post >