Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
CVE-2026-33413 discloses High-severity authorization bypasses in etcd gRPC APIs, letting unauthorized clients call sensitive functions on clusters exposing gRPC to untrusted networks.
Wordfence disclosed a critical unauthenticated account-destruction bug in `WP DSGVO Tools (GDPR)` <=3.1.38 that irreversibly anonymizes non-admin users via a crafted AJAX request.