Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
A newly published CVE reports that `keras` safe loading can be bypassed, letting attacker-controlled `.keras` models execute code during deserialization in affected deployments.
Apache Storm disclosed an unsafe-deserialization RCE in `org.apache.storm:storm-client` Kerberos TGT credential handling, affecting versions before `2.8.6` when submitting topologies via Nimbus.