Security News CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability TheHackerNews Daniel Bender May 2, 2024 A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.