Click Studios has urged users of its Passwordstate password manager to promptly update to version 9.9 Build 9972 due to a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to the administration section via a crafted URL. The company recommends implementing a temporary workaround while users transition to the latest version.
CVE-2024-28080 is an authentication bypass vulnerability in the SSH service of Gitblit. It can be exploited against user accounts that have public keys assigned to them. The issue arose from the interaction between Gitblit's authentication code and the Apache MINA SSH library, where incorrect handling of public key authentication led to unintended successful logins. Version 1.10, released on June 14, 2025, addresses this vulnerability along with two others.