CVE-2025-60042
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package vscode-extensions.chrischinchilla.vscode-pandoc 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chinchilla chinchilla allows PHP Local File Inclusion. This issue affects Chinchilla: from n/a through <= 1.16.
Affected products
chinchilla =<<= 1.16
Matching in nixpkgs
Package maintainers: 1
@Pandapip1 Gavin John <gavinnjohn@gmail.com>

CVE-2025-53439
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed 2 packages vscode-extensions.elijah-potter.harper harper 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Harper theme <= 1.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Harper harper allows PHP Local File Inclusion. This issue affects Harper: from n/a through <= 1.13.
Affected products
harper =<<= 1.13
Matching in nixpkgs
Package maintainers: 4
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
@sumnerevans Sumner Evans <me@sumnerevans.com>
@ddogfoodd Jost Alemann
@MasterEvarior MasterEvarior <nix-maintainer@giannin.ch>

CVE-2025-58949
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package chickenPackages_5.chickenEggs.spock 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17.
Affected products
spock =<<= 1.17
Matching in nixpkgs

CVE-2025-58933
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package anubis 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion. This issue affects Anubis: from n/a through <= 1.25.
Affected products
anubis =<<= 1.25
Matching in nixpkgs
Package maintainers: 5
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
@soopyc Cassie Cheung <me@soopy.moe>
@Defelo Defelo
@knightpp Danylo Kondratiev <knightpp@proton.me>
@ryand56 Ryan Omasta <git@ryand.ca>

CVE-2025-58928
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed 2 packages heartbeat7 anytype-heart 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion. This issue affects Heart: from n/a through <= 1.8.
Affected products
heart =<<= 1.8
Matching in nixpkgs
Package maintainers: 6
@kira-bruneau Kira Bruneau <kira.bruneau@pm.me>
@autrimpo Michal Koutenský <michal@koutensky.net>
@adda0 David Chocholatý <chocholaty.david@protonmail.com>
@fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
@basvandijk Bas van Dijk <v.dijk.bas@gmail.com>
@dfithian Daniel Fithian <daniel.m.fithian@gmail.com>

CVE-2025-66117
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package ocamlPackages.easy-format 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.8.
Affected products
easy-form =<<= 2.7.8
Matching in nixpkgs
Package maintainers: 1
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>

CVE-2025-53445
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package catppuccin-catwalk 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catwalk catwalk allows PHP Local File Inclusion. This issue affects Catwalk: from n/a through <= 1.4.
Affected products
catwalk =<<= 1.4
Matching in nixpkgs
Package maintainers: 1
@ryanccn Ryan Cao <hello@ryanccn.dev>

CVE-2025-67921
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package colobot 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection. This issue affects Lobo: from n/a through < 2.8.6.
Affected products
lobo =<< 2.8.6
Matching in nixpkgs
Package maintainers: 1
@freezeboy freezeboy

CVE-2025-14430
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package brook 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Brook - Agency Business Creative theme <= 2.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion. This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.
Affected products
brook =<<= 2.8.9
Matching in nixpkgs
Package maintainers: 1
@xrelkd xrelkd

CVE-2025-67928
updated 1 week, 4 days ago by @LeSuisse
Activity log
Created automatic suggestion 1 week, 5 days ago
@LeSuisse removed package haskellPackages.automotive-cse 1 week, 4 days ago
@LeSuisse dismissed 1 week, 4 days ago
WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection. This issue affects Automotive Listings: from n/a through <= 18.6.
Affected products
automotive =<<= 18.6
Matching in nixpkgs