Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
A CVEProject record reports a critical unauthenticated RCE chain in `WWBN/AVideo` `<= 26.0`, where CloneSite endpoints leak keys, dump databases, and reach command injection.
CVEProject published CVE-2026-32968, a critical unauthenticated OS command injection in `com_mb24sysapi` enabling remote code execution on mbCONNECT24-class gateways running firmware `<=2.19.3`.