TECH NEWS

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

GitLab has rolled out Community Edition (CE) and Enterprise Edition (EE) security updates that resolve 13 vulnerabilities, including three high-severity bugs.

The most severe is CVE-2026-10086, an XSS flaw in the Analytics dashboard of GitLab EE, rooted in the improper sanitization of user-supplied input.

According to GitLab, the security defect could have allowed an authenticated user with developer rights to execute arbitrary client-side code in the context of other users’ sessions.

Next in line is CVE-2026-10712, an XSS in the Web IDE workbench asset handler that could have allowed unauthenticated attackers to execute JavaScript code in users’ browser sessions.

The third high-severity vulnerability is CVE-2026-12053, described as an insufficient output filtering in Duo Workflows, which could have allowed users to access sensitive information already committed to a project.

The fresh GitLab CE/EE updatesalso resolve seven medium-severity flaws, including authorization bypass, incorrect authorization, insufficient filtering, improper input validation, and improper...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

https://www.zdnet.com/a/img/resize/961ce5a3dac3b8b7fabb15da57edc815971da192/2024/09/26/e745b369-a69a-43af-9afd-325b56e779e6/microsoft-surface-laptop-8.jpg?auto=webp&fit=crop&height=675&wid...

A crucial Windows security certificate just expired - how to check your PC

Follow ZDNET: Add us as a preferred source on Google. ZDNET's key takeaways * Secure Boot protects modern Windows and Linux PCs. * Microsoft Secure Boot certificates from 2011 expire in June and October 2026. * Most PC owners are fine if they install the latest updates. Last year's

https://media.wired.com/photos/6a3d125aae3c1cc072f46224/191:100/w_1280,c_limit/GettyImages-2282651869.jpg

Thousands Feared Dead After Venezuela Struck by Strongest Earthquake in Over 125 Years

Thousands of Venezuelans are feared dead after two major earthquakes struck the country less than a minute apart on Wednesday evening. People felt the ground shake across the north of the country, including the capital Caracas, as the earthquakes struck just outside the northwestern town of Yumare around 6pm locally.

https://platform.theverge.com/wp-content/uploads/sites/2/2025/08/acastro_STK056_02.jpg?quality=90&strip=all&crop=0%2C10.732984293194%2C100%2C78.534031413613&w=1200

Ford had to hire back former engineers to fix mistakes made by its automated systems

To celebrate its new status as No. 1 in JD Power’s initial quality ranking among mainstream automakers, Ford is opening up about the challenges it has faced in recent years, especially around its reliance on automated systems in production and design. It turns out that those automated systems were

https://cdn.mos.cms.futurecdn.net/4syjDYp3WERZNGTw898fJ8-2560-80.jpg

Tom Hanks calls AI replacing him 'a scary thought' — and Hollywood should probably listen

Woody the toy cowboy has faced a lot of frightening moments over the course of five Toy Story movies, but the actor voicing him for the last 30 years is trepidatious over the possibility that AI will supplant him. Tom Hanks told Entertainment Weekly in a new interview that the

Read more

A crucial Windows security certificate just expired - how to check your PC

Thousands Feared Dead After Venezuela Struck by Strongest Earthquake in Over 125 Years

Ford had to hire back former engineers to fix mistakes made by its automated systems

Tom Hanks calls AI replacing him 'a scary thought' &mdash; and Hollywood should probably listen

Tom Hanks calls AI replacing him 'a scary thought' — and Hollywood should probably listen