CVE-2025-62036 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 2 weeks, 6 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 2 weeks, 6 days ago WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. Affected products togo =<< 1.0.4 Matching in nixpkgs pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3
CVE-2025-62035 8.8 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 2 weeks, 6 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 2 weeks, 6 days ago WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. Affected products togo =<< 1.0.4 Matching in nixpkgs pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.cryptogoldbitcoin-rate it just shows the rate of crypto gold(bitcoin) The extension uses coingecko services nixos-25.05 3 nixpkgs-25.05-darwin 3 nixos-25.05-small 3 nixos-unstable 3 nixos-unstable-small 3 nixpkgs-unstable 3
CVE-2025-54721 7.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 2 weeks, 6 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 2 weeks, 6 days ago WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2. Affected products resca =<<= 3.0.2 Matching in nixpkgs pkgs.jpegrescan Losslessly shrink any JPEG file nixos-25.05 2019-03-27 nixpkgs-25.05-darwin 2019-03-27 nixos-25.05-small 2019-03-27 nixos-unstable 2019-03-27 nixos-unstable-small 2019-03-27 nixpkgs-unstable 2019-03-27 Package maintainers: 1 @RamKromberg Ram Kromberg <ramkromberg@mail.com>
pkgs.jpegrescan Losslessly shrink any JPEG file nixos-25.05 2019-03-27 nixpkgs-25.05-darwin 2019-03-27 nixos-25.05-small 2019-03-27 nixos-unstable 2019-03-27 nixos-unstable-small 2019-03-27 nixpkgs-unstable 2019-03-27
CVE-2025-64277 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 6 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 2 weeks, 6 days ago WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9. Affected products chatbot =<<= 7.3.9 Matching in nixpkgs pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality. nixos-25.05 22 nixpkgs-25.05-darwin 22 nixos-25.05-small 22 nixos-unstable 22 nixos-unstable-small 22 nixpkgs-unstable 22
CVE-2025-64259 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): NONE updated 2 weeks, 6 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse dismissed 2 weeks, 6 days ago WordPress Theater for WordPress plugin <= 0.18.8 - Broken Access Control vulnerability Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.8. Affected products theatre =<<= 0.18.8 Matching in nixpkgs pkgs.haskellPackages.theatre-dev Minimalistic actor library experiments nixos-25.05 0.5.0.1 nixpkgs-25.05-darwin 0.5.0.1 nixos-25.05-small 0.5.0.1 nixos-unstable 0.5.0.1 nixos-unstable-small 0.5.0.1 nixpkgs-unstable 0.5.0.1
pkgs.haskellPackages.theatre-dev Minimalistic actor library experiments nixos-25.05 0.5.0.1 nixpkgs-25.05-darwin 0.5.0.1 nixos-25.05-small 0.5.0.1 nixos-unstable 0.5.0.1 nixos-unstable-small 0.5.0.1 nixpkgs-unstable 0.5.0.1
CVE-2025-49251 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 3 months ago @LeSuisse removed 33 packages grafana grafanactl mcp-grafana grafana-loki grafana-alloy grafana-kiosk grafana-to-ntfy grafana-dash-n-grab dhallPackages.dhall-grafana terraform-providers.grafana python312Packages.grafanalib python313Packages.grafanalib haskellPackages.amazonka-grafana grafanaPlugins.grafana-oncall-app grafanaPlugins.grafana-clock-panel grafanaPlugins.grafana-pyroscope-app grafanaPlugins.grafana-googlesheets-datasource grafanaPlugins.grafana-opensearch-datasource grafanaPlugins.grafana-clickhouse-datasource python313Packages.types-aiobotocore-grafana python312Packages.types-aiobotocore-grafana grafanaPlugins.grafana-metricsdrilldown-app grafanaPlugins.grafana-discourse-datasource grafanaPlugins.grafana-sentry-datasource grafanaPlugins.grafana-github-datasource grafanaPlugins.grafana-exploretraces-app grafanaPlugins.grafana-mqtt-datasource grafanaPlugins.grafana-lokiexplore-app grafanaPlugins.grafana-worldmap-panel grafanaPlugins.grafana-polystat-panel grafanaPlugins.grafana-piechart-panel python313Packages.mypy-boto3-grafana python312Packages.mypy-boto3-grafana 1 month, 2 weeks ago @LeSuisse dismissed 1 month, 2 weeks ago WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28. Affected products fana =<1.1.28 Matching in nixpkgs
CVE-2025-49253 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 3 months ago @LeSuisse removed 3 packages typstPackages.lasagna_0_1_0 typstPackages.lasaveur_0_1_3 typstPackages.lasaveur_0_1_4 1 month, 2 weeks ago @LeSuisse dismissed 1 month, 2 weeks ago WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1. Affected products lasa =<1.1 Matching in nixpkgs
CVE-2025-49259 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH updated 1 month, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 3 months ago @LeSuisse removed 11 packages charasay gnome-characters keepass-charactercopy unicode-character-database haskellPackages.character-ps coqPackages.mathcomp-character python312Packages.characteristic python313Packages.characteristic magnetophonDSP.CharacterCompressor python312Packages.character-encoding-utils python313Packages.character-encoding-utils 1 month, 2 weeks ago @LeSuisse dismissed 1 month, 2 weeks ago WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through 1.2.10. Affected products hara =<1.2.10 Matching in nixpkgs
CVE-2025-23999 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 3 months ago @LeSuisse removed 14 packages kdePackages.breeze kdePackages.breeze-gtk kdePackages.breeze-grub libsForQt5.breeze-icons kdePackages.breeze-icons breeze-hacked-cursor-theme kdePackages.breeze-plymouth python312Packages.seabreeze python313Packages.seabreeze plasma5Packages.breeze-icons kdePackages.qqc2-breeze-style wordpressPackages.plugins.breeze kdePackages.sierra-breeze-enhanced qt6Packages.sierra-breeze-enhanced 1 month, 2 weeks ago @LeSuisse dismissed 1 month, 2 weeks ago WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13. Affected products breeze =<2.2.13 Matching in nixpkgs
CVE-2025-49976 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE updated 1 month, 2 weeks ago by @LeSuisse Activity log Created automatic suggestion 3 months ago @LeSuisse removed 10 packages fsnotifier mpris-notifier terminal-notifier usbguard-notifier python312Packages.pynotifier python312Packages.desktop-notifier python313Packages.desktop-notifier haskellPackages.status-notifier-item kdePackages.kstatusnotifieritem python313Packages.pynotifier 1 month, 2 weeks ago @LeSuisse dismissed 1 month, 2 weeks ago WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7. Affected products notifier =<2.7.7 Matching in nixpkgs