Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
NVD published a Critical Apache Artemis/ActiveMQ Artemis auth-bypass where unauthenticated Core protocol clients can coerce outbound federation connections for queue message injection or exfiltration.
CVE-2026-28364 was published for OCaml Marshal deserialization, where missing bounds validation can enable a multi-phase attack chain leading to remote code execution.
Apache disclosed CVE-2026-23982, a High-severity authorization bypass in Superset versions before 6.0.0 enabling low-privilege users to access restricted data via dataset SQL overwrite.