CVE-2025-58986
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 8 packages (3 hours ago):
    typstPackages.fh-joanneum-iit-thesis_1_1_0 typstPackages.fh-joanneum-iit-thesis_1_2_0 typstPackages.fh-joanneum-iit-thesis_1_2_2 typstPackages.fh-joanneum-iit-thesis_1_2_3 typstPackages.fh-joanneum-iit-thesis_2_0_2 typstPackages.fh-joanneum-iit-thesis_2_0_5 typstPackages.fh-joanneum-iit-thesis_2_1_2 typstPackages.fh-joanneum-iit-thesis_2_2_0
  @LeSuisse dismissed 3 hours ago
WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4.
Affected products
  joan =<<= 6.0.4
Matching in nixpkgs
Package maintainers: 1
  @cherrypiejam Gongqi Huang

CVE-2025-69364
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 27 packages (3 hours ago):
    kdePackages.breeze libsForQt5.breeze-gtk libsForQt5.breeze-qt5 kdePackages.breeze-gtk libsForQt5.breeze-grub sierra-breeze-enhanced kdePackages.breeze-grub libsForQt5.breeze-icons kdePackages.breeze-icons breeze-hacked-cursor-theme libsForQt5.breeze-plymouth plasma5Packages.breeze-gtk plasma5Packages.breeze-qt5 kdePackages.breeze-plymouth plasma5Packages.breeze-grub python312Packages.seabreeze python313Packages.seabreeze libsForQt5.qqc2-breeze-style plasma5Packages.breeze-icons kdePackages.qqc2-breeze-style plasma5Packages.breeze-plymouth wordpressPackages.plugins.breeze libsForQt5.sierra-breeze-enhanced plasma5Packages.qqc2-breeze-style kdePackages.sierra-breeze-enhanced qt6Packages.sierra-breeze-enhanced plasma5Packages.sierra-breeze-enhanced
  @LeSuisse dismissed 3 hours ago
WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21.
Affected products
  breeze =<<= 2.2.21
Matching in nixpkgs
Package maintainers: 14
  @Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
  @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
  @ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
  @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
  @LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
  @NickCao Nick Cao <nickcao@nichi.co>
  @peterhoeg Peter Hoeg <peter@hoeg.com>
  @nyanloutre Paul Trehiou <paul@nyanlout.re>
  @FRidh Frederik Rietdijk <fridh@fridh.nl>
  @mjm Matt Moriarity <matt@mattmoriarity.com>
  @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
  @K900 Ilya K. <me@0upti.me>
  @bkchr Bastian Köcher <nixos@kchr.de>
  @A1ca7raz A1ca7raz <aya@wtm.moe>

CVE-2025-68505
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 7 packages (3 hours ago):
    python312Packages.h5py python313Packages.h5py python312Packages.h5py-mpi python313Packages.h5py-mpi python312Packages.airtouch5py python313Packages.airtouch5py pkgsRocm.python3Packages.h5py-mpi
  @LeSuisse dismissed 3 hours ago
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects H5P: from n/a through <= 1.16.1.
Affected products
  h5p =<<= 1.16.1
Matching in nixpkgs
Package maintainers: 2
  @JamieMagee Jamie Magee <jamie.magee@gmail.com>
  @doronbehar Doron Behar <me@doronbehar.com>

CVE-2025-32283
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 47 packages (3 hours ago):
    solarus solargraph coc-solargraph solarc-gtk-theme solarus-launcher dircolors-solarized solarus-quest-editor rubyPackages.solargraph numix-solarized-gtk-theme vimPlugins.coc-solargraph nodePackages.coc-solargraph rubyPackages_3_1.solargraph rubyPackages_3_2.solargraph rubyPackages_3_3.solargraph rubyPackages_3_4.solargraph rubyPackages_3_5.solargraph python312Packages.zeversolar python313Packages.zeversolar rubyPackages.yard-solargraph prometheus-solaredge-exporter python312Packages.aiosolaredge python312Packages.pysolarmanv5 python312Packages.solarlog-cli python313Packages.aiosolaredge python313Packages.pysolarmanv5 python313Packages.solarlog-cli python312Packages.solaredge-web python313Packages.solaredge-web python312Packages.forecast-solar python313Packages.forecast-solar rubyPackages_3_1.yard-solargraph rubyPackages_3_2.yard-solargraph rubyPackages_3_3.yard-solargraph rubyPackages_3_4.yard-solargraph rubyPackages_3_5.yard-solargraph python312Packages.solaredge-local python312Packages.zeversolarlocal python313Packages.solaredge-local python313Packages.zeversolarlocal nodePackages_latest.coc-solargraph vscode-extensions.castwide.solargraph home-assistant-component-tests.solarlog home-assistant-component-tests.solaredge home-assistant-component-tests.zeversolar home-assistant-custom-components.solarman home-assistant-component-tests.forecast_solar vscode-extensions.brandonkirbyson.solarized-palenight
  @LeSuisse dismissed 3 hours ago
WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection. This issue affects Solar Energy: from n/a through <= 3.5.
Affected products
  solar =<<= 3.5
Matching in nixpkgs
Package maintainers: 12
  @polyfloyd polyfloyd <floyd@polyfloyd.net>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @dotlambda Robert Schütz <rschuetz17@gmail.com>
  @offlinehacker Jaka Hudoklin <jaka@x-truder.net>
  @paepckehh Michael Paepcke <git@paepcke.de>
  @SebTM Sebastian Sellmeier <mail@sebastian-sellmeier.de>
  @bbenno Benno Bielmeier <nix@bbenno.com>
  @pyrox0 Pyrox <pyrox@pyrox.dev>
  @Scrumplex Sefa Eyeoglu <contact@scrumplex.net>
  @JamieMagee Jamie Magee <jamie.magee@gmail.com>
  @marcin-serwin Marcin Serwin <marcin@serwin.dev>

CVE-2025-67532
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 11 packages (3 hours ago):
    charasay gnome-characters keepass-charactercopy unicode-character-database haskellPackages.character-ps coqPackages.mathcomp-character python312Packages.characteristic python313Packages.characteristic magnetophonDSP.CharacterCompressor python312Packages.character-encoding-utils python313Packages.character-encoding-utils
  @LeSuisse dismissed 3 hours ago
WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through <= 1.2.17.
Affected products
  hara =<<= 1.2.17
Matching in nixpkgs
Package maintainers: 11
  @hmajid2301 Haseeb Majid <hello@haseebmajid.dev>
  @vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
  @CohenCyril Cyril Cohen <cyril.cohen@inria.fr>
  @jwiegley John Wiegley <johnw@newartisans.com>
  @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
  @bobby285271 Bobby Rong <rjl931189261@126.com>
  @jtojnar Jan Tojnar <jtojnar@gmail.com>
  @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
  @magnetophon Bart Brouns <bart@magnetophon.nl>
  @TakWolf TakWolf <takwolf@foxmail.com>
  @h7x4 h7x4 <h7x4@nani.wtf>

CVE-2025-68556
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 18 packages (3 hours ago):
    happy triggerhappy haskellPackages.happy haskellPackages.happy-dot haskellPackages.happy-lib haskellPackages.happy-meta ocamlPackages.happy-eyeballs haskellPackages.happy-arbitrary ocamlPackages.happy-eyeballs-lwt gnomeExtensions.happy-appy-hotkey ocamlPackages.mimic-happy-eyeballs python312Packages.aiohappyeyeballs python313Packages.aiohappyeyeballs ocamlPackages.happy-eyeballs-mirage tests.testers.testBuildFailure.happy tests.testers.testBuildFailure'.happy tests.testers.testBuildFailure.happyStructuredAttrs tests.testers.testBuildFailure'.happyStructuredAttrs
  @LeSuisse dismissed 3 hours ago
WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.9.
Affected products
  happy-helpdesk-support-ticket-system =<1.0.9
Matching in nixpkgs
Package maintainers: 8
  @honnip Jung seungwoo <me@honnip.page>
  @ulysses4ever Artem Pelenitsyn <a@pelenitsyn.top>
  @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
  @fabaff Fabian Affolter <mail@fabian-affolter.ch>
  @ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
  @tgharib Taha Gharib <xrcrod@gmail.com>
  @vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
  @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>

CVE-2025-67936
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 3 packages (3 hours ago):
    ocamlPackages.curly haskellPackages.curly-expander haskellPackages.recurly-client
  @LeSuisse dismissed 3 hours ago
WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.
Affected products
  curly =<< 3.3
Matching in nixpkgs
Package maintainers: 1
  @sternenseemann Lukas Epple <sternenseemann@systemli.org>

CVE-2025-60206
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 8 packages (3 hours ago):
    selenium-server-standalone cbqn-standalone-replxx htmlunit-driver cbqn-standalone argp-standalone art-standalone selendroid stalonetray
  @LeSuisse dismissed 3 hours ago
WordPress Alone theme <= 7.8.3 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection. This issue affects Alone: from n/a through <= 7.8.3.
Affected products
  alone =<<= 7.8.3
Matching in nixpkgs
Package maintainers: 9
  @Amar1729 Amar Paul <amar.paul16@gmail.com>
  @shnarazk Narazaki Shuji <shujinarazaki@protonmail.com>
  @Detegr Antti Keränen <detegr@rbx.email>
  @sternenseemann Lukas Epple <sternenseemann@systemli.org>
  @Synthetica9 Patrick Hilhorst <nix@hilhorst.be>
  @coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
  @offlinehacker Jaka Hudoklin <jaka@x-truder.net>
  @7c6f434c Michael Raskin <7c6f434c@mail.ru>
  @onny Jonas Heinrich <onny@project-insanity.org>

CVE-2025-67568
updated 3 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed 10 packages (3 hours ago):
    python312Packages.baseline python313Packages.baseline python312Packages.baselines python313Packages.baselines pkgsRocm.python3Packages.baselines python312Packages.stable-baselines3 python313Packages.stable-baselines3 pkgsRocm.python3Packages.stable-baselines3 python312Packages.robotframework-databaselibrary python313Packages.robotframework-databaselibrary
  @LeSuisse dismissed 3 hours ago
WordPress Basel theme <= 5.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Basel: from n/a through <= 5.9.1.
Affected products
  basel =<<= 5.9.1
Matching in nixpkgs
Package maintainers: 4
  @dnr David Reiss <dnr@dnr.im>
  @timokau Timo Kaufmann <timokau@zoho.com>
  @talkara Taito Horiuchi <taito.horiuchi@relexsolutions.com>
  @DerDennisOP Dennis <dennish@wuitz.de>

CVE-2025-60212
updated 15 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 19 hours ago
  @LeSuisse removed package ocamlPackages.reactivedata 15 hours ago
  @LeSuisse dismissed 15 hours ago
WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection. This issue affects VEDA: from n/a through <= 4.2.
Affected products
  veda =<<= 4.2
Matching in nixpkgs
Package maintainers: 1
  @vbgl Vincent Laporte <Vincent.Laporte@gmail.com>