Gatlab
GATLAB. Security Blog

#advisory

5 articles

Advisory CRITICAL 23 Apr 2026 · 3m read
CVE-2023-20198, CVE-2023-20273

ADVISORY: Critical Privilege Escalation in Cisco IOS XE Web UI — 50,000 Devices Exposed

Gatlab Security Advisory: Cisco IOS XE management interface vulnerabilities allow unauthenticated attackers to create privileged accounts. Over 50,000 devices remain unpatched and internet-exposed.

Gatlab Security Team

Advisory HIGH 10 Apr 2026 · 3m read
CVE-2024-28000, CVE-2024-31210

ADVISORY: Mass Exploitation of WordPress Plugins — 1M+ Sites at Risk

Multiple critical vulnerabilities in popular WordPress plugins are being mass-exploited by automated bots. Sites running LiteSpeed Cache, Elementor Pro, and WP Fastest Cache should update immediately.

Gatlab Security Team

Advisory CRITICAL 25 Mar 2026 · 3m read
CVE-2024-38812, CVE-2024-38813

ADVISORY: VMware vCenter Critical RCE — Patch Your Virtualization Infrastructure Now

Critical unauthenticated remote code execution vulnerabilities in VMware vCenter Server are being exploited by ransomware groups to compromise entire virtualized infrastructures.

Gatlab Security Team

Advisory CRITICAL 12 Mar 2026 · 3m read
CVE-2024-3400

ADVISORY: Palo Alto Networks GlobalProtect Command Injection — Unauthenticated RCE

A command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway enables unauthenticated remote code execution. CISA confirms active exploitation by state-sponsored actors.

Gatlab Security Team

Advisory CRITICAL 20 Feb 2026 · 3m read
CVE-2024-6387

ADVISORY: regreSSHion — Critical OpenSSH RCE Returns After 18 Years

CVE-2024-6387 (regreSSHion) is a race condition in OpenSSH's signal handler that allows unauthenticated remote code execution as root. Affects 14 million internet-exposed servers.

Gatlab Security Team