News

Application security news, updated daily (if there is any news to share).

OCaml fixes Marshal deserialization buffer over-read that can enable RCE (CVE-2026-28364)

CVE-2026-28364 was published for OCaml Marshal deserialization, where missing bounds validation can enable a multi-phase attack chain leading to remote code execution; upgrade to 4.14.3 or 5.4.1.

VulnerabilitiesLanguagesSecure Coding

27 Feb 2026

Apache Superset fixes High-severity dataset authorization bypass (CVE-2026-23982)

Apache disclosed CVE-2026-23982, a High-severity authorization bypass in Superset versions before 6.0.0 enabling low-privilege users to access restricted data via dataset SQL overwrite.

NewsVulnerabilitiesWeb Security

24 Feb 2026

Loading news…