[Git][security-tracker-team/security-tracker][master] Add new gitlab issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 14 09:13:02 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d6944d9 by Salvatore Bonaccorso at 2026-05-14T10:12:43+02:00
Add new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,23 +10,23 @@ CVE-2026-8367 (aria2c accepts a server certificate with incorrect Extended Key U
 CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when  CVE-2021-4 ...)
 	TODO: check
 CVE-2026-8280 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-8181 (The Burst Statistics \u2013 Privacy-Friendly WordPress Analytics (Goog ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8144 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-7648 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7525 (The My Calendar \u2013 Accessible Event Manager plugin for WordPress i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7481 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-7471 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-7377 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-6883 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-6670 (The Media Sync plugin for WordPress is vulnerable to Path Traversal in ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6510 (The InfusedWoo Pro plugin for WordPress is vulnerable to privilege esc ...)
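Review bot: the two `- gitlab <unfixed>` lines added for CVE-2026-8280 and CVE-2026-8144 carry no NOTE line with an upstream reference, unlike the sogo entry further down in this file, which records its fix commit. The descriptions say GitLab has already remediated these issues, so a NOTE naming the upstream advisory or fixing release would let the entries be closed once the package is updated.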
@@ -36,7 +36,7 @@ CVE-2026-6506 (The InfusedWoo Pro plugin for WordPress is vulnerable to privileg
 CVE-2026-6417 (The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6335 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2026-6282 (A potential improper file path validation vulnerability was reported i ...)
 	NOT-FOR-US: Lenovo
 CVE-2026-6281 (A potential vulnerability was reported in some Lenovo Personal Cloud S ...)
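Review bot: `- gitlab <not-affected> (Vulnerable code not present)` on CVE-2026-6335 does not record how that was determined, although the description reads as a GitLab CE/EE issue. A NOTE naming the upstream version or commit that introduced the vulnerable code would make the decision re-checkable when a newer gitlab is uploaded.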
@@ -50,9 +50,9 @@ CVE-2026-6225 (The Taskbuilder \u2013 Project Management & Task Management Tool
 CVE-2026-6177 (The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6073 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-6063 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2026-5486 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5396 (The Fluent Forms plugin for WordPress is vulnerable to Authorization B ...)
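Review bot: the reason text on CVE-2026-6073 and CVE-2026-6063 spells the product "Gitlab EE", while the CVE descriptions on the lines directly above use "GitLab EE". Suggest `(Only affects GitLab EE)` here and for the same string in the first hunk, so that a search for the product name matches both the description and the reason.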
@@ -78,9 +78,9 @@ CVE-2026-4608 (The ProfileGrid \u2013 User Profiles, Groups and Communities plug
 CVE-2026-4607 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2026-46446 (SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext  ...)
 	- sogo 5.12.7-1
 	NOTE: https://github.com/Alinto/sogo/commit/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21 (SOGo-5.12.7)
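Review bot: CVE-2026-4527 and CVE-2026-4524 show the same visible description prefix but receive different dispositions, `<unfixed>` and `<not-affected> (Vulnerable code not present)`, and nothing in either entry explains the difference. A one-line NOTE on each, pointing to the affected feature or the upstream issue, would let a later reader verify the split.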



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6944d920fab24734bd716ea338e124bb75dca7
