
Our Code Quality solution, SonarQube Cloud, led us to a severe security issue in the popular Content Management System Joomla.

The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.

This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this check by detailing two critical vulnerabilities in the Squidex application.

This blog uncovers two vulnerabilities, one of Critical and one of High severity, recently discovered by our research team. By exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.

Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023.

Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.