CVE-2025-49976 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 10 packages (2 months, 2 weeks ago): fsnotifier, mpris-notifier, terminal-notifier, usbguard-notifier, python312Packages.pynotifier, python312Packages.desktop-notifier, python313Packages.desktop-notifier, haskellPackages.status-notifier-item, kdePackages.kstatusnotifieritem, python313Packages.pynotifier
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7.
Affected products: notifier =<2.7.7

CVE-2025-49974 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 3 packages (2 months, 2 weeks ago): git-upstream, lomiri.qtmir, tests.haskell.upstreamStackHpackVersion
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0.
Affected products: upstream =<2.1.0

CVE-2025-53338 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 23 packages (2 months, 2 weeks ago): replace, fireplace, qsreplace, replacement, replace-secret, haskellPackages.replace-attoparsec, haskellPackages.replace-megaparsec, haskellPackages.text-regex-replace, tests.substitute.legacySingleReplace, tests.replaceVars.replaceVars.succeeds, tests.replaceVars.replaceVarsWith.succeeds, tests.replaceVars.replaceVars.fails-on-directory, tests.replaceVars.replaceVars.fails-in-build-phase, tests.replaceVars.replaceVars.fails-in-check-phase, tests.replaceVars.replaceVarsWith.fails-on-directory, tests.replaceVars.replaceVars.succeeds-with-exemption, tests.replaceVars.replaceVarsWith.fails-in-build-phase, tests.replaceVars.replaceVarsWith.fails-in-check-phase, tests.replaceVars.replaceVarsWith.succeeds-with-exemption, tests.replaceVars.replaceVars.fails-in-check-phase-with-exemption, tests.replaceVars.replaceVars.fails-in-check-phase-with-bad-exemption, tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-exemption, tests.replaceVars.replaceVarsWith.fails-in-check-phase-with-bad-exemption
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress re.place plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.
Affected products: replace =<0.2.1

CVE-2025-52826 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 4 packages (2 months, 2 weeks ago): python312Packages.datasalad, python313Packages.datasalad, python312Packages.schema-salad, python313Packages.schema-salad
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3.
Affected products: sala =<1.1.3

CVE-2025-31428 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 11 packages (2 months, 2 weeks ago): hydrogen, hydroxide, libhydrogen, tau-hydrogen, fishPlugins.hydro, hydrogen-web-unwrapped, python312Packages.hydrogram, python313Packages.hydrogram, haskellPackages.hydrogen-version, python312Packages.swisshydrodata, python313Packages.swisshydrodata
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8.
Affected products: hydro =<2.8

CVE-2025-53200 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed package (2 months, 2 weeks ago): gnomeExtensions.penguin-ai-chatbot
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.
Affected products: chatbot =<6.7.3

CVE-2025-52799 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 16 packages (2 months, 2 weeks ago): lms, flmsg, helmsman, lmstudio, python312Packages.calmsize, python313Packages.calmsize, python312Packages.dlms-cosem, python313Packages.dlms-cosem, python312Packages.llama-index-llms-ollama, python312Packages.llama-index-llms-openai, python313Packages.llama-index-llms-ollama, python313Packages.llama-index-llms-openai, python312Packages.llama-index-llms-openai-like, python313Packages.llama-index-llms-openai-like, python312Packages.llama-index-multi-modal-llms-openai, python313Packages.llama-index-multi-modal-llms-openai
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1.
Affected products: lms =<9.1

CVE-2025-52833 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 16 packages (2 months, 2 weeks ago): lms, flmsg, helmsman, lmstudio, python312Packages.calmsize, python313Packages.calmsize, python312Packages.dlms-cosem, python313Packages.dlms-cosem, python312Packages.llama-index-llms-ollama, python312Packages.llama-index-llms-openai, python313Packages.llama-index-llms-ollama, python313Packages.llama-index-llms-openai, python312Packages.llama-index-llms-openai-like, python313Packages.llama-index-llms-openai-like, python312Packages.llama-index-multi-modal-llms-openai, python313Packages.llama-index-multi-modal-llms-openai
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress LMS <= 9.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS allows SQL Injection. This issue affects LMS: from n/a through 9.1.
Affected products: lms =<9.1

CVE-2025-52718 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 8 packages (2 months, 2 weeks ago): selendroid, stalonetray, art-standalone, argp-standalone, cbqn-standalone, htmlunit-driver, cbqn-standalone-replxx, selenium-server-standalone
  @LeSuisse dismissed (2 months, 2 weeks ago)
WordPress Alone <= 7.8.2 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2.
Affected products: alone =<7.8.2

CVE-2025-6505 updated 2 months, 2 weeks ago by @LeSuisse
Activity log:
  Created automatic suggestion (4 months ago)
  @LeSuisse removed 45 packages (2 months, 2 weeks ago): perlPackages.NetServer, perl538Packages.NetServer, perl540Packages.NetServer, perlPackages.NetLDAPServer, perlPackages.NetServerCoro, perlPackages.ServerStarter, perl538Packages.NetLDAPServer, perl538Packages.NetServerCoro, perl538Packages.ServerStarter, perl540Packages.NetLDAPServer, perl540Packages.NetServerCoro, perl540Packages.ServerStarter, perlPackages.HTTPServerSimple, perlPackages.NetLDAPServerTest, perlPackages.NetAsyncHTTPServer, perlPackages.NetServerSSPrefork, perlPackages.PerlLanguageServer, perl538Packages.HTTPServerSimple, perl540Packages.HTTPServerSimple, perl538Packages.NetLDAPServerTest, perl540Packages.NetLDAPServerTest, perlPackages.HTTPServerSimplePSGI, perlPackages.TestHTTPServerSimple, perl538Packages.NetAsyncHTTPServer, perl538Packages.NetServerSSPrefork, perl538Packages.PerlLanguageServer, perl540Packages.NetAsyncHTTPServer, perl540Packages.NetServerSSPrefork, perl540Packages.PerlLanguageServer, perlPackages.HTTPServerSimpleMason, perlPackages.HTTPServerSimpleAuthen, perl538Packages.HTTPServerSimplePSGI, perl538Packages.TestHTTPServerSimple, perl538Packages.HTTPServerSimpleAuthen, perl540Packages.HTTPServerSimpleMason, perl538Packages.HTTPServerSimpleMason, perlPackages.PlackTestExternalServer, perl540Packages.TestHTTPServerSimple, perl540Packages.HTTPServerSimplePSGI, perl540Packages.HTTPServerSimpleAuthen, perl538Packages.PlackTestExternalServer, perl540Packages.PlackTestExternalServer, perlPackages.CatalystXScriptServerStarman, perl538Packages.CatalystXScriptServerStarman, perl540Packages.CatalystXScriptServerStarman
  @LeSuisse dismissed (2 months, 2 weeks ago)
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and …
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux.
This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access. When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.
Affected products: Server =<4.6.2.3226