[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 22 22:04:51 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f581e14 by Moritz Muehlenhoff at 2026-04-22T23:04:40+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2026-6843 (A flaw was found in nano. A local user could exploit a format str
 CVE-2026-6842 (A flaw was found in nano. In environments with permissive umask settin ...)
 	TODO: check
 CVE-2026-6515 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects 18.x)
 CVE-2026-6396 (The Fast & Fancy Filter \u2013 3F plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6356 (A vulnerability in the web application allows standard users to escala ...)
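
Review bot: The `<not-affected>` reason on CVE-2026-6515, "Only affects 18.x", names a branch but not where that information comes from, and the truncated description on the line above it still reads "affecting all versions". Consider adding a NOTE: line with the upstream advisory so the claim can be re-checked; the entry carries no suite qualifier, so it would need revisiting if an 18.x gitlab is ever uploaded.
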
@@ -57,7 +57,7 @@ CVE-2026-6022 (In Progress\xae Telerik\xae UI for AJAX prior to 2026.1.421, RadA
 CVE-2026-5820 (The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5816 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects 18.x)
 CVE-2026-5767 (The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5750 (An insecure direct object reference (IDOR) vulnerability in the Fullst ...)
@@ -67,11 +67,11 @@ CVE-2026-5749 (Inadequate access control in the registration process in Fullstep
 CVE-2026-5748 (The Text Snippets plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5377 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects 18.x)
 CVE-2026-5262 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-4922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-4353 (The CI HUB Connector plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4280 (The Breaking News WP plugin for WordPress is vulnerable to Local File  ...)
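
Review bot: CVE-2026-5262 and CVE-2026-4922 go to `- gitlab <unfixed>` while CVE-2026-5377 directly above them is `<not-affected> (Only affects 18.x)`, yet all three show the same truncated description, so nothing in the file explains the different triage. A NOTE: line under each unfixed entry giving the upstream advisory or fixed version would make the distinction verifiable.
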
@@ -131,7 +131,7 @@ CVE-2026-40542 (Missing critical step in authentication in Apache HttpClient 5.6
 CVE-2026-3362 (The Short Comment Filter plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3254 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects 18.x)
 CVE-2026-35548 (An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichmen ...)
 	TODO: check
 CVE-2026-35382
@@ -690,7 +690,7 @@ CVE-2026-1913 (The Gallagher Website Design plugin for WordPress is vulnerable t
 CVE-2026-1845 (The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1660 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-1395 (The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1379 (The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -698,15 +698,15 @@ CVE-2026-1379 (The HTTP Headers plugin for WordPress is vulnerable to Stored Cro
 CVE-2026-0539 (Incorrect Default Permissions in pcvisit service binary on Windows all ...)
 	TODO: check
 CVE-2025-9957 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-6016 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-58922 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada a ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-3922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-0186 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2024-58344 (Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerab ...)
 	TODO: check
 CVE-2018-25272 (ELBA5 5.8.0 contains a remote code execution vulnerability that allows ...)
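
Review bot: The four CVE-2025 entries in this hunk (CVE-2025-9957, CVE-2025-6016, CVE-2025-3922, CVE-2025-0186) become `- gitlab <unfixed>` with no bug reference and no NOTE:, under a commit message that calls them new issues. If a Debian bug exists or is filed for them, recording it as `(bug #NNNNNN)` (placeholder number) on each line would give maintainers something to act on; it is also worth confirming that none of them is 18.x-only like the entries marked not-affected elsewhere in this commit.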



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f581e148314b999cf0b691eb675757a60d97f9e
