Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2eaab01 by Salvatore Bonaccorso at 2026-05-28T23:00:56+02:00
Mark gitlab as removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1150,7 +1150,7 @@ CVE-2026-8906 (The WP Promoter plugin for WordPress is 
vulnerable to Cross-Site
 CVE-2026-8832 (The WPCode - Insert Headers and Footers + Custom Code Snippets 
- WordP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8716 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-8405 (IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on 
feature of G ...)
        NOT-FOR-US: IBM
 CVE-2026-8180 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix 
Pack 1 ...)
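Review bot: The commit message gives the reason for the bulk `<unfixed>` to `<removed>` switch only as "removed from unstable", and neither it nor the changed lines (starting with CVE-2026-8716 in this hunk) reference the removal request. Adding the removal bug number to the commit message would let a later reader confirm the status change without searching for it.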
@@ -1184,7 +1184,7 @@ CVE-2026-6938 (IBM Db2 12.1.0 through 12.1.4 is 
vulnerable to authorization bypa
 CVE-2026-6936 (IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a 
denial-of-service attac ...)
        NOT-FOR-US: IBM
 CVE-2026-6713 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-6169 (The affiliate-toolkit plugin for WordPress is vulnerable to 
remote cod ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6053 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
@@ -8802,11 +8802,11 @@ CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py 
was not updated when  CVE-2
        NOTE: https://github.com/python/cpython/pull/149648
        NOTE: 
https://github.com/python/cpython/commit/eac4fe3b2c77693790a5ef7dfab127c1fee81bf9
 CVE-2026-8280 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-8181 (The Burst Statistics \u2013 Privacy-Friendly WordPress 
Analytics (Goog ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8144 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-7648 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell 
Online  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7525 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
@@ -8870,7 +8870,7 @@ CVE-2026-4608 (The ProfileGrid \u2013 User Profiles, 
Groups and Communities plug
 CVE-2026-4607 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2026-46446 (SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and 
cleartext  ...)
@@ -9254,17 +9254,17 @@ CVE-2026-3718 (The ManageWP Worker plugin for WordPress 
is vulnerable to Stored
 CVE-2026-3694 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3607 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3426 (The RTMKit Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3425 (The RTMKit Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3160 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3074 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3073 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3004 (The Snow Monkey Blocks plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-39806 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
@@ -9370,11 +9370,11 @@ CVE-2026-21821 (The HCL BigFix SCM Reporting site 
contains an outdated and unsup
 CVE-2026-20916 (An authenticated iControl REST user with low privileges can 
create or  ...)
        NOT-FOR-US: F5
 CVE-2026-1659 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1338 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1322 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1184 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2026-0265 (An authentication bypass vulnerability in Palo Alto Networks 
PAN-OS\xa ...)
@@ -9448,15 +9448,15 @@ CVE-2025-27850 (The locally served web site on the 
Garmin WDU (v1 1.4.6 and v2 5
 CVE-2025-15345 (The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is 
vulnera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14870 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-14869 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-14767 (The WPC Badge Management for WooCommerce plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13874 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12669 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-55045 (Firmament-Autopilot FMT-Firmware commit de5aec was discovered 
to conta ...)
        NOT-FOR-US: Firmament-Autopilot FMT-Firmware
 CVE-2024-51395 (Buffer Overflow vulnerability in Ardupiot Copter Latest commit 
92693e0 ...)
@@ -23089,9 +23089,9 @@ CVE-2026-5748 (The Text Snippets plugin for WordPress 
is vulnerable to Stored Cr
 CVE-2026-5377 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Only affects 18.x)
 CVE-2026-5262 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-4922 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-4353 (The CI HUB Connector plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4280 (The Breaking News WP plugin for WordPress is vulnerable to 
Local File  ...)
@@ -23998,7 +23998,7 @@ CVE-2026-1913 (The Gallagher Website Design plugin for 
WordPress is vulnerable t
 CVE-2026-1845 (The Real Estate Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1660 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1395 (The Gutentools plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1379 (The HTTP Headers plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
@@ -24006,15 +24006,15 @@ CVE-2026-1379 (The HTTP Headers plugin for WordPress 
is vulnerable to Stored Cro
 CVE-2026-0539 (Incorrect Default Permissions in pcvisit service binary on 
Windows all ...)
        NOT-FOR-US: pcvisit
 CVE-2025-9957 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6016 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-58922 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion 
Avada a ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-3922 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0186 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-58344 (Carbon Forum 5.9.0 contains a persistent cross-site scripting 
vulnerab ...)
        NOT-FOR-US: Carbon Forum
 CVE-2018-25272 (ELBA5 5.8.0 contains a remote code execution vulnerability 
that allows ...)
@@ -30279,7 +30279,7 @@ CVE-2025-14551 (In Ubuntu, Subiquity version 24.04.4 
could leak sensitive user c
 CVE-2024-1490 (An authenticated remote attacker with high privileges can 
exploit the  ...)
        NOT-FOR-US: WAGO
 CVE-2026-1403
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-XXXX [RUSTSEC-2026-0049]
        - rust-rustls-webpki 0.103.10+ds-1 (bug #1133085)
        [trixie] - rust-rustls-webpki <no-dsa> (Minor issue)
@@ -30630,7 +30630,7 @@ CVE-2026-5300 (Unauthenticated functionality in  
CoolerControl/coolercontrold <4
 CVE-2026-5208 (Command injection in alerts in CoolerControl/coolercontrold 
<4.0.0 all ...)
        NOT-FOR-US: coolercontrold
 CVE-2026-5173 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-4916 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2026-4837 (An eval() injection vulnerability in the Rapid7 Insight Agent 
beaconin ...)
@@ -31270,7 +31270,7 @@ CVE-2026-1396 (The Magic Conversation For Gravity Forms 
plugin for WordPress is
 CVE-2026-1101 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2026-1092 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0814 (The Advanced Contact form 7 DB plugin for WordPress is 
vulnerable to u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0811 (The Advanced Contact form 7 DB plugin for WordPress is 
vulnerable to C ...)
@@ -31362,7 +31362,7 @@ CVE-2025-14815 (Cleartext Storage of Sensitive 
Information vulnerability in Mits
 CVE-2025-14243 (A flaw was found in the OpenShift Mirror Registry. This 
vulnerability  ...)
        NOT-FOR-US: OpenShift Mirror Registry
 CVE-2025-12664 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2023-46945 (QD 20230821 is vulnerable to Server-side request forgery 
(SSRF) via a  ...)
        NOT-FOR-US: QD 20230821
 CVE-2026-34757 (LIBPNG is a reference library for use in applications that 
read, creat ...)
@@ -36571,7 +36571,7 @@ CVE-2026-4946 (Ghidra versions prior to 12.0.3 
improperly process annotation dir
 CVE-2026-3124 (The Download Monitor plugin for WordPress is vulnerable to 
Insecure Di ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2370 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-7741 (Hardcoded Password Vulnerability have been found in 
CENTUM.Affected pr ...)
        NOT-FOR-US: Yokogawa
 CVE-2025-15036 (A path traversal vulnerability exists in the 
`extract_archive_to_dir`  ...)
@@ -38565,9 +38565,9 @@ CVE-2026-2995 (GitLab has remediated an issue in GitLab 
EE affecting all version
 CVE-2026-2973 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2026-2745 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-2726 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-2414 (Authorization bypass through User-Controlled key vulnerability 
in HYPR ...)
        NOT-FOR-US: HYPR
 CVE-2026-2349 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
@@ -39052,9 +39052,9 @@ CVE-2025-14790 (IBM InfoSphere Information Server 
11.7.0.0 through 11.7.1.6 coul
 CVE-2025-14595 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2025-13436 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13078 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12708 (IBM Concert 1.0.0 through 2.2.0 contains hard-coded 
credentials that c ...)
        NOT-FOR-US: IBM
 CVE-2024-58341 (OpenCart Core 4.0.2.3 contains a SQL injection vulnerability 
that allo ...)
@@ -46359,7 +46359,7 @@ CVE-2026-1653 (A potential divide by zero vulnerability 
was reported in the Leno
 CVE-2026-1652 (A potential buffer overflow vulnerability was reported in the 
Lenovo V ...)
        NOT-FOR-US: Lenovo
 CVE-2026-1182 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1068 (An improper certificate validation vulnerability was reported 
in the L ...)
        NOT-FOR-US: Lenovo
 CVE-2026-0940 (A potential improper initialization vulnerability was reported 
in the  ...)
@@ -46430,7 +46430,7 @@ CVE-2026-3906 (WordPress core is vulnerable to 
unauthorized access in versions 6
        NOTE: https://core.trac.wordpress.org/changeset/61888
        NOTE: https://wordpress.org/news/2026/03/wordpress-6-9-2-release/
 CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3496 (The JetBooking plugin for WordPress is vulnerable to SQL 
Injection via ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3492 (The Gravity Forms plugin for WordPress is vulnerable to Stored 
Cross-S ...)
@@ -46639,9 +46639,9 @@ CVE-2026-1993 (The ExactMetrics \u2013 Google Analytics 
Dashboard for WordPress
 CVE-2026-1992 (The ExactMetrics \u2013 Google Analytics Dashboard for 
WordPress plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1732 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1663 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1524 (An edgecase in SSO implementation in Neo4j Enterprise edition 
versions ...)
        NOT-FOR-US: Neo4j Enterprise edition
 CVE-2026-1497 (Incorrect resolving of namespaces in composite databases in 
Neo4j Ente ...)
@@ -46651,13 +46651,13 @@ CVE-2026-1471 (Excessive caching of authentication 
context in Neo4j Enterprise e
 CVE-2026-1454 (The Responsive Contact Form Builder & Lead Generation Plugin 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1230 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1090 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1069 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2026-0602 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0231 (An information disclosure vulnerability inPalo Alto Networks 
Cortex XD ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-0230 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
@@ -46687,21 +46687,21 @@ CVE-2025-67035 (An issue was discovered in Lantronix 
EDS5000 2.1.0.0R3. The SSH
 CVE-2025-67034 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An 
authenticat ...)
        NOT-FOR-US: Lantronix
 CVE-2025-14513 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13929 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13690 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12704 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-12697 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12690 (Execution with unnecessary privileges in Forcepoint NGFW 
Engine allows ...)
        NOT-FOR-US: Forcepoint
 CVE-2025-12576 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12555 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2019-25487 (SAPIDO RB-1732 V2.0.43 contains a remote command execution 
vulnerabili ...)
        NOT-FOR-US: SAPIDO RB-1732
 CVE-2019-25486 (Varient 1.6.1 contains an SQL injection vulnerability that 
allows unau ...)
@@ -52576,15 +52576,15 @@ CVE-2026-1747 (GitLab has remediated an issue in 
GitLab EE affecting all version
 CVE-2026-1725 (GitLab has remediated an issue in GitLab CE/EE affecting 
versions from ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2026-2845 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1388 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-1662 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-14511 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0752 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-3221 (Sensitive  user account information is not encrypted in the 
database i ...)
        NOT-FOR-US: Devolutions
 CVE-2026-3206 (Improper Resource Shutdown or Release vulnerability in KrakenD, 
SLU Kr ...)
@@ -52824,7 +52824,7 @@ CVE-2025-62878 (A malicious user can manipulate the 
parameters.pathPatternto cre
 CVE-2025-50180 (esm.sh is a no-build content delivery network (CDN) for web 
developmen ...)
        NOT-FOR-US: esm.sh
 CVE-2025-3525 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1242 (The administrative credentials can be extracted through 
application AP ...)
        NOT-FOR-US: Gardyn
 CVE-2025-14742 (The WP Recipe Maker plugin for WordPress is vulnerable to 
unauthorized ...)
@@ -59622,11 +59622,11 @@ CVE-2026-1387 (GitLab has remediated an issue in 
GitLab EE affecting all version
 CVE-2026-1456 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2026-1458 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0595 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-14560 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0958 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-8099 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
@@ -63258,7 +63258,7 @@ CVE-2026-1757 (A flaw was identified in the interactive 
shell of the xmllint uti
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5446460ad3229579c91506317fb80ab333d44414
 (v2.15.2)
        NOTE: Negligible security impact, memory leak in xmllint CLI utility
 CVE-2026-1751 (A vulnerability has been discovered in GitLab CE/EE affecting 
all vers ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/519340
 CVE-2026-1703 (When pip is installing and extracting a maliciously crafted 
wheel arch ...)
        - python-pip 26.0+dfsg-1 (bug #1126875)
@@ -67761,15 +67761,15 @@ CVE-2026-1190 (A flaw was found in Keycloak's SAML 
brokering functionality. When
 CVE-2026-0603 (A flaw was found in Hibernate. A remote attacker with low 
privileges c ...)
        NOT-FOR-US: Hibernate Core
 CVE-2026-1102 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13335 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-0723 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Only affects 18.x)
 CVE-2025-13928 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13927 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2026-24026
        REJECTED
 CVE-2026-24025
@@ -73014,11 +73014,11 @@ CVE-2017-20212 (FLIR Thermal Camera F/FC/PT/D 
firmware version 8.0.0.64 contains
 CVE-2025-69262 (pnpm is a package manager. Versions 6.25.0 through 10.26.2 
have a Comm ...)
        - pnpm <itp> (bug #985669)
 CVE-2025-3950 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11246 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10569 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13781 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-13772 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
@@ -85799,7 +85799,7 @@ CVE-2025-14372 (Use after free in Password Manager in 
Google Chrome prior to 143
 CVE-2025-9436 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8405 (GitLab has remediated a security issue in GitLab CE/EE 
affecting all v ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-67738 (squid/cachemgr.cgi in Webmin before 2.600 does not properly 
quote argu ...)
        - webmin <removed>
 CVE-2025-67720 (Pyrofork is a modern, asynchronous MTProto API framework. 
Versions 2.3 ...)
@@ -85926,36 +85926,36 @@ CVE-2025-65290 (Aqara Hub devices including Camera 
Hub G3 4.1.9_0027, Hub M2 4.3
 CVE-2025-62181 (Pega Platform versions 7.1.0 through Infinity 25.1.0 are 
affected by a ...)
        NOT-FOR-US: Pega Platform
 CVE-2025-4097 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-24857 (Improper access control for volatile memory containing boot 
code in Un ...)
        - u-boot 2017.11+dfsg1-2
        NOTE: https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01
 CVE-2025-14485 (A weakness has been identified in EFM ipTIME A3004T 14.19.0. 
This vuln ...)
        NOT-FOR-US: EFM ipTIME A3004T
 CVE-2025-14157 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13978 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-13923
        REJECTED
 CVE-2025-13764 (The WP CarDealer plugin for WordPress is vulnerable to 
Privilege Escal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-12734 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12731
        REJECTED
 CVE-2025-12716 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-12562 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12029 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11984 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11467 (The RSS Aggregator by Feedzy \u2013 Feed to Post, 
Autoblogging, News & ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11247 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10163 (The List category posts plugin for WordPress is vulnerable to 
time-bas ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-58285 (Chyrp 2.5.2 contains a stored cross-site scripting 
vulnerability that  ...)
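Review bot: CVE-2025-11247 in this hunk is described as "an issue in GitLab EE", yet it is carried over from `<unfixed>` to `<removed>` along with the CE/EE entries. Other EE-only entries in this file, such as CVE-2025-13781, use `- gitlab <not-affected> (Specific to EE)`. The description is truncated here, so please check the full text and switch this entry to the not-affected form if the issue really is limited to EE.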
@@ -91741,7 +91741,7 @@ CVE-2025-9191 (The Houzez theme for WordPress is 
vulnerable to PHP Object Inject
 CVE-2025-9163 (The Houzez theme for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7449 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6195 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-66028 (OneUptime is a solution for monitoring and managing online 
services. P ...)
@@ -91840,7 +91840,7 @@ CVE-2025-13674 (BPv7 dissector crash in Wireshark 4.6.0 
allows denial of service
        NOTE: Introduced by: 
https://gitlab.com/wireshark/wireshark/-/commit/81c14583b6ba4d47a8d2065cffc34dd6ff588783
 (v4.6.0rc0)
        NOTE: Crash in CLI tool, no security impact
 CVE-2025-13611 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap 
buffer over ...)
        {DLA-4412-1}
        - glib2.0 2.86.3-1 (bug #1122346)
@@ -95006,23 +95006,23 @@ CVE-2016-15055 (JVC VN-T IP-camera models firmware 
versions up to 2016-08-22 (co
 CVE-2011-10034 (AUTOMGEN versions up to and including 8.0.0.7 (also referenced 
as 8.02 ...)
        NOT-FOR-US: AUTOMGEN
 CVE-2025-12983 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-7736 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not yet present)
 CVE-2025-6171 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11990 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-6945 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-7000 (An issue has been discovered in GitLab CE/EE affecting all 
versions  f ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2615 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11865 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-11224 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library 
functio ...)
        {DLA-4420-1}
        - postgresql-18 18.1-1
@@ -101767,11 +101767,11 @@ CVE-2025-11989 (GitLab has remediated an issue in 
GitLab EE affecting all versio
 CVE-2025-6601 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-11971 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11974 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-11447 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10497 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-11702 (GitLab has remediated an issue in EE affecting all versions 
from 17.1  ...)
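Review bot: CVE-2025-11971 is described as affecting "GitLab EE" only, but it goes from `<unfixed>` to `<removed>`, while CVE-2025-6601 two lines above it in the same hunk is an EE issue marked `- gitlab <not-affected> (Specific to EE)`. Unless the truncated description shows the packaged code is affected, this entry should probably use the same not-affected form.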
@@ -106911,11 +106911,11 @@ CVE-2017-20202 (Web Developer for Chrome v0.4.9 
contained malicious code that ge
 CVE-2017-20201 (CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit 
builds) cont ...)
        NOT-FOR-US: CCleaner
 CVE-2025-2934 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-9825 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10004 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 
End of  ...)
@@ -111364,7 +111364,7 @@ CVE-2025-11079 (A security flaw has been discovered 
in Campcodes Farm Management
 CVE-2025-11078 (A vulnerability was identified in itsourcecode Open Source Job 
Portal  ...)
        NOT-FOR-US: itsourcecode Open Source Job Portal
 CVE-2025-8014 (Denial of Service issue in GraphQL endpoints in Gitlab EE/CE 
affecting ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-7647 (The llama-index-core package, up to version 0.12.44, contains a 
vulner ...)
        NOT-FOR-US: llama_index
 CVE-2025-11077 (A vulnerability was determined in Campcodes Online Learning 
Management ...)
@@ -111476,13 +111476,13 @@ CVE-2025-10498 (The Ninja Forms \u2013 The Contact 
Form Builder That Grows With
 CVE-2024-43192 (IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable 
to cros ...)
        NOT-FOR-US: IBM
 CVE-2025-9958 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-9267 (In Seagate Toolkit on Windows avulnerability exists in the 
Toolkit Ins ...)
        NOT-FOR-US: Seagate
 CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE 
affectin ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Webbeyaz Website Design Website Software
 CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability 
in HaruT ...)
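Review bot: CVE-2025-7691 is described as "A privilege escalation issue has been discovered in GitLab EE", yet it moves from `<unfixed>` to `<removed>` along with the CE/EE entries in this hunk. Other EE-only entries in this file, such as CVE-2025-11340, carry `- gitlab <not-affected> (Specific to EE)`. The description is truncated here, so please confirm the issue also applies to the CE code Debian shipped. If it does not, `<not-affected> (Specific to EE)` would be the more accurate status than `<removed>`.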
@@ -111725,7 +111725,7 @@ CVE-2025-1862 (An arbitrary file upload vulnerability 
exists in multiple WSO2 pr
 CVE-2025-11060 (A flaw was found in the live query subscription mechanism of 
the datab ...)
        NOT-FOR-US: SurrealDB
 CVE-2025-11042 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-11039 (A security vulnerability has been detected in Campcodes 
Computer Sales ...)
        NOT-FOR-US: Campcodes
 CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic 
Managemen ...)
@@ -111794,9 +111794,9 @@ CVE-2025-11010 (A vulnerability has been found in 
vstakhov libucl up to 0.9.2. A
        NOTE: https://github.com/vstakhov/libucl/issues/337
        TODO: check if impacts security wise rspamd, which embeds libucl and 
uses it a compile time
 CVE-2025-10871 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10868 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10867 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-10858 (An issue was discovered in GitLab CE/EE affecting all versions 
before  ...)
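Review bot: the CVE-2025-10871 entry reads "An issue has been discovered in GitLab EE affecting all versions from", with no CE in the visible text, but it gets the same bulk `<unfixed>` to `<removed>` change as CVE-2025-10868 (CE/EE). Where an entry is EE-only, this file elsewhere records `<not-affected> (Specific to EE)`. Before the old status is overwritten, check whether this one was left at `<unfixed>` pending triage; a `<removed>` tag will make it harder to spot later.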
@@ -119171,17 +119171,17 @@ CVE-2024-45671 (IBM Security Verify Information 
Queue 10.0.5, 10.0.6, 10.0.7, an
 CVE-2024-45669 (IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, 
and 10.0 ...)
        NOT-FOR-US: IBM
 CVE-2025-6769 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10094 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-7337 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1250 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6454 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2256 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-10201 (Inappropriate implementation in Mojo in Google Chrome on 
Android, Linu ...)
        {DSA-5996-1}
        - chromium 140.0.7339.127-1
@@ -123544,7 +123544,7 @@ CVE-2025-5187 (A vulnerability exists in the 
NodeRestriction admission controlle
        NOTE: https://github.com/kubernetes/kubernetes/issues/133471
        NOTE: 
https://groups.google.com/g/kubernetes-security-announce/c/znSNY7XCztE
 CVE-2025-5101 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-58218 (Deserialization of Untrusted Data vulnerability in 
enituretechnology S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58217 (Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov 
Instant ...)
@@ -123627,7 +123627,7 @@ CVE-2025-50972 (SQL Injection vulnerability in 
AbanteCart 1.4.2, allows unauthen
 CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection 
vulnera ...)
        NOT-FOR-US: RaspAP
 CVE-2025-4225 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-43882 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an 
Unverified ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-43730 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an 
Improper N ...)
@@ -123637,7 +123637,7 @@ CVE-2025-43729 (Dell ThinOS 10, versions prior to 
2508_10.0127, contains an Inco
 CVE-2025-43728 (Dell ThinOS 10, versions prior to 2508_10.0127, contain a 
Protection M ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-3601 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-34161 (Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to 
a remote ...)
        NOT-FOR-US: Coolify
 CVE-2025-34159 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to 
a remote ...)
@@ -123679,7 +123679,7 @@ CVE-2025-30036 (Stored XSS vulnerability exists in 
the "Oddzia\u0142" (Ward) mod
 CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function 
allows exe ...)
        NOT-FOR-US: CGM CLININET
 CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus 
Dashboard and ...)
        NOT-FOR-US: Cisco
 CVE-2025-20347 (A vulnerability in the REST API endpoints of Cisco Nexus 
Dashboard and ...)
@@ -128238,11 +128238,11 @@ CVE-2025-8671 (A mismatch caused by 
client-triggered server-sent stream resets b
 CVE-2025-7739 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2025-7734 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6186 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite 
valve.  Th ...)
        {DSA-6121-1 DSA-6120-1}
        - tomcat11 11.0.11-1 (bug #1111099)
@@ -128385,11 +128385,11 @@ CVE-2025-34153 (Hyland OnBase versions prior to 
17.0.2.87 (other versions may be
 CVE-2025-32451 (A memory corruption vulnerability exists in Foxit Reader 
2025.1.0.2793 ...)
        NOT-FOR-US: Foxit Reader
 CVE-2025-2937 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2614 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2498 (An improper access control in Gitlab EE affecting all versions 
from 12 ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2184 (A credential management flaw in Palo Alto Networks Cortex 
XDR\xae Brok ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-2183 (An insufficient certificate validation issue in the Palo Alto 
Networks ...)
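Review bot: CVE-2025-2498 ("An improper access control in Gitlab EE affecting all versions from 12 ...") is the one entry in this hunk whose visible description names only EE, and it is converted to `<removed>` together with CVE-2025-2937 and CVE-2025-2614. If the affected feature is EE-only, the status should follow the `<not-affected> (Specific to EE)` convention used for other entries in this list instead of implying the Debian package was ever vulnerable.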
@@ -128417,13 +128417,13 @@ CVE-2025-23295 (NVIDIA Apex for all platforms 
contains a vulnerability in a Pyth
 CVE-2025-23294 (NVIDIA WebDataset for all platforms contains a vulnerability 
where an  ...)
        NOT-FOR-US: NVIDIA
 CVE-2025-1477 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-5477 (A potential security vulnerability has been identified in the 
System B ...)
        NOT-FOR-US: HP
 CVE-2024-12303 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2024-10219 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-53859 (NGINX Open Source and NGINX Plus have a vulnerability in the 
ngx_mail_ ...)
        {DLA-4589-1}
        [experimental] - nginx 1.28.0-2
@@ -133846,7 +133846,7 @@ CVE-2025-7745 (Buffer Over-read vulnerability in ABB 
AC500 V2.This issue affects
 CVE-2025-7437 (The Ebook Store plugin for WordPress is vulnerable to arbitrary 
file u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7001 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-54377 (Roo Code is an AI-powered autonomous coding agent that lives 
in users' ...)
        NOT-FOR-US: Roo Code
 CVE-2025-54371
@@ -133865,7 +133865,7 @@ CVE-2025-53537 (LibHTP is a security-aware parser for 
the HTTP protocol and its
        NOTE: Introduced by: 
https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c 
(0.5.50)
        NOTE: Fixed by: 
https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 
(0.5.51)
 CVE-2025-4976 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-4968 (The WPBakery Page Builder for WordPress plugin for WordPress is 
vulner ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4395 (Medtronic MyCareLink Patient Monitor has a built-in user 
account with  ...)
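Review bot: CVE-2025-4976 is listed as "An issue has been discovered in GitLab EE affecting all versions from", so the blanket replacement to `- gitlab <removed>` may be preserving an untriaged `<unfixed>` and not a real finding against the CE package. Please verify against the upstream advisory and, if it is EE-only, use `<not-affected> (Specific to EE)` as done for CVE-2025-5846 and similar entries.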
@@ -133883,7 +133883,7 @@ CVE-2025-32019 (Harbor is an open source trusted 
cloud native registry project t
 CVE-2025-26397 (SolarWinds Observability Self-Hosted is susceptible to 
Deserialization ...)
        NOT-FOR-US: SolarWinds
 CVE-2025-1299 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0765 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2016-15044 (A remote code execution vulnerability exists in Kaltura 
versions prior ...)
@@ -134018,9 +134018,9 @@ CVE-2025-50477 (A URL redirection in lbry-desktop 
v0.53.9 allows attackers to re
 CVE-2025-50127 (A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla 
was disc ...)
        NOT-FOR-US: Joomla
 CVE-2025-4700 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-4439 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-4411 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: Dataprom Informatics PACS-ACSS
 CVE-2025-4296 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
@@ -137272,7 +137272,7 @@ CVE-2025-7407 (A vulnerability, which was classified 
as critical, was found in N
 CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of 
Fullscree ...)
        NOT-FOR-US: OpenAI Operator SaaS
 CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6211 (A vulnerability in the DocugamiReader class of the 
run-llama/llama_ind ...)
        NOT-FOR-US: run-llama/llama_index
 CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
@@ -142717,13 +142717,13 @@ CVE-2021-4457 (The ZoomSounds plugin before 6.05 
contains a PHP file allowing un
 CVE-2025-5846 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-2938 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-5315 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1754 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-3279 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-6583 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-6582 (A vulnerability, which was classified as critical, has been 
found in S ...)
@@ -143660,7 +143660,7 @@ CVE-2025-5963 (The Postbox's configuration on macOS, 
specifically the presence o
 CVE-2025-5255 (The Phoenix Code's configuration on macOS, specifically the 
presence o ...)
        NOT-FOR-US: Phoenix Code
 CVE-2025-5121 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-52825 (Cross-Site Request Forgery (CSRF) vulnerability in Rameez 
Iqbal Real E ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52822 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -143929,9 +143929,9 @@ CVE-2024-7586 (An issue was discovered in GitLab EE 
affecting all versions start
 CVE-2024-53298 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, 
contains a m ...)
        NOT-FOR-US: Dell / EMC
 CVE-2024-4994 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-4025 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-38083 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        {DSA-5973-1 DLA-4328-1 DLA-4327-1}
        - linux 6.12.35-1
@@ -146795,9 +146795,9 @@ CVE-2025-6021 (A flaw was found in libxml2's 
xmlBuildQName function, where integ
 CVE-2025-6003 (The WordPress Single Sign-On (SSO) plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5996 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-5982 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-5485 (User names used to access the web management interface are 
limited to  ...)
        NOT-FOR-US: SinoTrack
 CVE-2025-5484 (A username and password are required to authenticate to the 
central  S ...)
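Review bot: of the two entries changed in this hunk, CVE-2025-5996 is CE/EE but CVE-2025-5982 is described as "GitLab EE affecting all versions from". Marking both `<removed>` treats them identically. If CVE-2025-5982 never applied to the CE source in Debian, it should read `<not-affected> (Specific to EE)` so that the tracker does not report it as open for any suite that still carries gitlab.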
@@ -146891,9 +146891,9 @@ CVE-2025-2254 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2025-29744 (pg-promise before 11.5.5 is vulnerable to SQL Injection due to 
imprope ...)
        NOT-FOR-US: pg-promise
 CVE-2025-1516 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1478 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0673 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2024-9512 (An issue has been discovered in GitLab EE affecting all 
versions prior ...)
@@ -152262,9 +152262,9 @@ CVE-2025-24916 (When installing Tenable Network 
Monitor to a non-default locatio
 CVE-2025-1123 (The Solid Mail \u2013 SMTP email and logging made by SolidWP 
plugin fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9163 (A business logic error in GitLab CE/EE affecting all versions 
starting ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-7803 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-51360 (An issue in Hospital Management System In PHP V4.0 allows a 
remote att ...)
        NOT-FOR-US: Hospital Management System In PHP
 CVE-2024-51108 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the comp ...)
@@ -152332,7 +152332,7 @@ CVE-2025-5074 (A vulnerability, which was classified 
as critical, was found in F
 CVE-2025-5073 (A vulnerability, which was classified as critical, has been 
found in F ...)
        NOT-FOR-US: FreeFloat FTP Server
 CVE-2025-4979 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-4419 (The Hot Random Image plugin for WordPress is vulnerable to Path 
Traver ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4405 (The Hot Random Image plugin for WordPress is vulnerable to 
Stored Cros ...)
@@ -152409,7 +152409,7 @@ CVE-2025-3836 (ZohocorpManageEngine ADAudit Plus 
versions 8510 and prior are vul
 CVE-2025-3444 (Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter 
Plus vers ...)
        NOT-FOR-US: Zoho
 CVE-2025-3111 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-33138 (IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML 
injection ...)
        NOT-FOR-US: IBM
 CVE-2025-33137 (IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an 
authenticated us ...)
@@ -152435,7 +152435,7 @@ CVE-2025-30170 (Exposure of file path, file size or 
file existence vulnerabiliti
 CVE-2025-30169 (File upload and execute vulnerabilities in ASPECT allow PHP 
script inj ...)
        NOT-FOR-US: ABB group
 CVE-2025-2853 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2506 (When pglogical attempts to replicate data, it does not verify 
it is us ...)
        - pglogical <not-affected> (Specific to pglogical 3 and later)
        NOTE: https://www.enterprisedb.com/docs/security/advisories/cve20252506/
@@ -152450,13 +152450,13 @@ CVE-2025-23183 (CWE-601: URL Redirection to 
Untrusted Site ('Open Redirect'))
 CVE-2025-23182 (CWE-203: Observable Discrepancy)
        NOT-FOR-US: UBtech FreePass
 CVE-2025-1110 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0993 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0679 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0605 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-9639 (Remote Code Execution vulnerabilities are present in ASPECT if 
session ...)
        NOT-FOR-US: ABB group
 CVE-2024-9544 (The MapSVG plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
@@ -152540,7 +152540,7 @@ CVE-2024-13929 (Servlet injection vulnerabilities in 
ASPECT allow remote code ex
 CVE-2024-13928 (SQL injection vulnerabilities in ASPECT allow unintended 
access and ma ...)
        NOT-FOR-US: ABB group
 CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and 
application cras ...)
        {DLA-4450-1}
        - taglib 2.0.2-1
@@ -157659,11 +157659,11 @@ CVE-2025-5473 (GIMP ICO File Parsing Integer 
Overflow Remote Code Execution Vuln
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13910
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/c855d1df60ebaf5ef8d02807d448eb088f147a2b
 CVE-2025-1278 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-8973 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0549 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-43904 (In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the 
accounting ...)
        {DSA-5961-1}
        - slurm-wlm 24.11.5-1 (bug #1104929)
@@ -162448,11 +162448,11 @@ CVE-2025-25045 (IBM InfoSphere Information 11.7 
Server authenticated user to obt
 CVE-2025-1976 (Brocade Fabric OS versions starting with 9.1.0 have root access 
remove ...)
        NOT-FOR-US: Brocade
 CVE-2025-1908 (An issue has been discovered in GitLab EE/CE that could allow 
an attac ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1453 (The Category Posts Widget WordPress plugin before 4.9.20 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0639 (An issue has been discovered affecting service availability via 
issue  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-22351 (IBM InfoSphere Information 11.7 Server does not invalidate 
session aft ...)
        NOT-FOR-US: IBM
 CVE-2024-12244 (An issue has been discovered in access controls could allow 
users to v ...)
@@ -166702,11 +166702,11 @@ CVE-2025-2469 (An issue has been discovered in 
GitLab CE/EE affecting all versio
 CVE-2024-11129 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-2408 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0362 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-1677 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-3475 (Allocation of Resources Without Limits or Throttling, Incorrect 
Author ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2025-3474 (Missing Authentication for Critical Function vulnerability in 
Drupal P ...)
@@ -173505,15 +173505,15 @@ CVE-2024-13411 (The Zapier for WordPress plugin for 
WordPress is vulnerable to S
 CVE-2024-9773 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-10307 (An issue has been discovered in GitLab EE/CE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-12619 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2242 (An improper access control vulnerability in GitLab CE/EE 
affecting all ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0811 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-2255 (An issue has been discovered in Gitlab EE/CE for AppSec 
affecting all  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-30232 (A use-after-free in Exim 4.96 through 4.98.1 could allow users 
(with c ...)
        {DSA-5887-1}
        - exim4 4.98.1-2
@@ -176710,7 +176710,7 @@ CVE-2025-1257 (An issue was discovered in GitLab EE 
affecting all versions start
 CVE-2025-1119 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0652 (An issue has been discovered in GitLab EE/CE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-8402 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-7296 (An issue was discovered in GitLab EE affecting all versions 
from 16.5  ...)
@@ -176726,9 +176726,9 @@ CVE-2024-13884 (The Limit Bio WordPress plugin 
through 1.0 does not sanitise and
 CVE-2024-13703 (The CRM and Lead Management by vcita plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13054 (An issue was discovered in GitLab CE/EE affecting all versions 
before  ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2024-12380 (An issue was discovered in GitLab EE/CE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2020-36843 (The implementation of EdDSA in EdDSA-Java (aka ed25519-java) 
through 0 ...)
        - libeddsa-java 0.3.0-2.1 (bug #1100993)
        NOTE: https://github.com/str4d/ed25519-java/pull/82
@@ -181741,13 +181741,13 @@ CVE-2024-46226 (A stored cross site scripting (XSS) 
vulnerability in HelpDeskZ <
 CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for 
WordPress is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8186 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0555 (A Cross Site Scripting (XSS) vulnerability in GitLab-EE 
affecting all  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-10925 (A vulnerability in GitLab-EE affecting all versions from 16.2 
prior to ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-0475 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2022-49732 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 5.18.14-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -187754,7 +187754,7 @@ CVE-2025-0919
 CVE-2025-0556 (In Progress\xae Telerik\xae Report Server, versions prior to 
2025 Q1 ( ...)
        NOT-FOR-US: Progress Telerik Report Server
 CVE-2025-0516 (Improper Authorization in GitLab CE/EE affecting all versions 
from 17. ...)
-       - gitlab <unfixed>
+       - gitlab <removed>
 CVE-2025-0511 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0506 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin 
for Wo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2eaab01bd3a1b34353f7d99f721c81607255ebd



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
