CVE-2025-54709 updated 2 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 4 months ago @LeSuisse removed 4 packages python312Packages.datasalad python313Packages.datasalad python312Packages.schema-salad python313Packages.schema-salad 2 months, 3 weeks ago @LeSuisse dismissed 2 months, 3 weeks ago WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. Affected products sala =<1.1.6 Matching in nixpkgs
CVE-2025-58997 updated 2 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 4 months ago @LeSuisse removed 8 packages libmowgli python312Packages.aioautomower python313Packages.aioautomower python312Packages.automower-ble python313Packages.automower-ble home-assistant-component-tests.lawn_mower home-assistant-component-tests.husqvarna_automower home-assistant-component-tests.husqvarna_automower_ble 2 months, 3 weeks ago @LeSuisse dismissed 2 months, 3 weeks ago WordPress Mow Theme <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. Affected products mow =<4.10 Matching in nixpkgs
CVE-2025-58993 updated 2 months, 3 weeks ago by @LeSuisse Activity log Created automatic suggestion 4 months ago @LeSuisse removed 6 packages haskellPackages.timeless-tutorials typstPackages.tutor_0_8_0 typstPackages.tutor_0_7_0 typstPackages.tutor_0_6_1 typstPackages.tutor_0_4_0 typstPackages.tutor_0_3_0 2 months, 3 weeks ago @LeSuisse dismissed 2 months, 3 weeks ago WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. Affected products tutor =<3.7.4 Matching in nixpkgs
CVE-2025-57924 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed package darwin.developer_cmds 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6. Affected products developer =<1.2.6 Matching in nixpkgs
CVE-2025-58199 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed 3 packages fastly prometheus-fastly-exporter terraform-providers.fastly 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Fastly Plugin <= 1.2.28 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Fastly Fastly allows Cross Site Request Forgery. This issue affects Fastly: from n/a through 1.2.28. Affected products fastly =<1.2.28 Matching in nixpkgs
CVE-2025-57996 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed 3 packages buckets python312Packages.bucketstore python313Packages.bucketstore 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Buckets Plugin <= 0.3.9 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matthewordie Buckets allows Stored XSS. This issue affects Buckets: from n/a through 0.3.9. Affected products buckets =<0.3.9 Matching in nixpkgs
CVE-2025-58245 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed 2 packages traderepublic-portfolio-downloader portfolio-filemanager 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58. Affected products portfolio =<2.58 Matching in nixpkgs
CVE-2025-58244 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed package akkuPackages.cyclone-iset-constructors 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Constructo Theme <= 4.3.9 - Cross Site Request Forgery (CSRF) Vulnerability Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo allows Object Injection. This issue affects Constructo: from n/a through 4.3.9. Affected products constructo =<4.3.9 Matching in nixpkgs
CVE-2025-58020 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed package haskellPackages.theatre-dev 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Theater for WordPress Plugin <= 0.18.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress allows Stored XSS. This issue affects Theater for WordPress: from n/a through 0.18.8. Affected products theatre =<0.18.8 Matching in nixpkgs
CVE-2025-58652 updated 2 months, 3 weeks ago by @mweinelt Activity log Created automatic suggestion 3 months, 4 weeks ago @mweinelt removed package haskellPackages.data-carousel 2 months, 3 weeks ago @mweinelt dismissed 2 months, 3 weeks ago WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8. Affected products carousel =<1.8 Matching in nixpkgs