v6.4.0 & v6.4.1 have a potential remote code execution vulnerability, when combined with other plugins.
A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs. - WordPress Team
The WordPress team has an impossible task of understanding how the core code works and integrates with thousands (millions?) of plugins! That's why it's important to update quickly (and slowly for major / minor version changes).