Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.