Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
Saloon fixed unsafe `unserialize()` in `AccessTokenAuthenticator` OAuth token restore, where attacker-controlled serialized state can trigger PHP object injection and potential RCE in versions `< 4.0.0`.
A CVEProject record reports a critical unauthenticated RCE chain in `WWBN/AVideo` `<= 26.0`, where CloneSite endpoints leak keys, dump databases, and reach command injection.