GitLab Pipeline Vulnerability Affects Community and Enterprise Versions; Patch Available

Summary: A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. The vulnerability, tracked as CVE-2024-5655, impacts all GitLab CE/EE versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0. GitLab has addressed the vulnerability by releasing versions 17.1.1, 17.0.3, and 16.11.5, and…


SolarWinds Serv-U Vulnerability Under Active Attack; Patch Available

Context: A recently patched high-severity flaw, tracked as CVE-2024-28995, impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. A patch is available for affected SolarWinds customers.

Community Impact: Successful exploitation of this vulnerability could be a potential steppingstone for attackers. By gaining access to sensitive information like credentials…


CDK Global Cyberattack Impacts Thousands of US Car Dealerships

Context: Car dealership software-as-a-service (SaaS) provider CDK Global has been impacted by a large-scale cyberattack, causing the company to shut down a portion of its systems and leaving clients unable to operate their businesses normally.

Community Impact: The outage and restoration of CDK Global services impacts a portion of the RH-ISAC Core Membership and is notable due to…


PHP Fixes Critical RCE Flaw Impacting All Windows Versions

Context: A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. The new RCE flaw, tracked as CVE-2024-4577, was discovered by Devcore Principal Security Researchers on 7 May 2024, who reported it to the PHP developers. PHP project maintainers released a…


Ariane Check-In Terminals Used by Thousands Vulnerable to Info Leak

Context: Ariane Systems self-check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms, according to a new report from Pentagrid.

Community Impact: According to Ariane Systems, its self-checkout solutions are currently used by 3,000 hotels in 25 countries,…
