Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

January 25, 2024 at 11:48AM Over 5,000 unpatched GitLab servers are vulnerable to account takeover due to CVE-2023-7028. The flaw, affecting versions 16.1.0 and onwards, allows password reset emails to be sent to unverified addresses; it was disclosed by a non-profit group. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2, with hundreds of vulnerable servers globally. GitLab …

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

December 8, 2023 at 04:48AM WordPress version 6.4.2 patches a critical security flaw that is potentially exploitable through plugins, particularly in multisite setups. The vulnerability stems from the WP_HTML_Token class and can lead to arbitrary PHP code execution when chained with other bugs. Patchstack advises developers to replace ‘unserialize’ function calls to prevent attacks. Takeaways from the …