CVE-2025-58949 8.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 11 hours ago
  @LeSuisse removed package chickenPackages_5.chickenEggs.spock 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion. This issue affects Spock: from n/a through <= 1.17.
Affected products
  spock <= 1.17
Matching in nixpkgs

CVE-2025-58933 8.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 11 hours ago
  @LeSuisse removed package anubis 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion. This issue affects Anubis: from n/a through <= 1.25.
Affected products
  anubis <= 1.25
Matching in nixpkgs
Package maintainers: 5
  @SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
  @soopyc Cassie Cheung <me@soopy.moe>
  @Defelo Defelo
  @knightpp Danylo Kondratiev <knightpp@proton.me>
  @ryand56 Ryan Omasta <git@ryand.ca>

CVE-2025-58928 8.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed 2 packages: heartbeat7, anytype-heart 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion. This issue affects Heart: from n/a through <= 1.8.
Affected products
  heart <= 1.8
Matching in nixpkgs
Package maintainers: 6
  @kira-bruneau Kira Bruneau <kira.bruneau@pm.me>
  @autrimpo Michal Koutenský <michal@koutensky.net>
  @adda0 David Chocholatý <chocholaty.david@protonmail.com>
  @fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
  @basvandijk Bas van Dijk <v.dijk.bas@gmail.com>
  @dfithian Daniel Fithian <daniel.m.fithian@gmail.com>

CVE-2025-66117 7.5 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package ocamlPackages.easy-format 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form: from n/a through <= 2.7.8.
Affected products
  easy-form <= 2.7.8
Matching in nixpkgs
Package maintainers: 1
  @vbgl Vincent Laporte <Vincent.Laporte@gmail.com>

CVE-2025-53445 8.1 HIGH
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package catppuccin-catwalk 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catwalk catwalk allows PHP Local File Inclusion. This issue affects Catwalk: from n/a through <= 1.4.
Affected products
  catwalk <= 1.4
Matching in nixpkgs
Package maintainers: 1
  @ryanccn Ryan Cao <hello@ryanccn.dev>

CVE-2025-67921 9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package colobot 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection. This issue affects Lobo: from n/a through < 2.8.6.
Affected products
  lobo < 2.8.6
Matching in nixpkgs
Package maintainers: 1
  @freezeboy freezeboy

CVE-2025-14430 9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package brook 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Brook - Agency Business Creative theme <= 2.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion. This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.
Affected products
  brook <= 2.8.9
Matching in nixpkgs
Package maintainers: 1
  @xrelkd xrelkd

CVE-2025-67928 9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package haskellPackages.automotive-cse 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection. This issue affects Automotive Listings: from n/a through <= 18.6.
Affected products
  automotive <= 18.6
Matching in nixpkgs

CVE-2025-22712 9.8 CRITICAL
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 10 hours ago
  @LeSuisse removed package cargo-typify 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Typify theme <= 3.0.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion. This issue affects Typify: from n/a through <= 3.0.2.
Affected products
  typify <= 3.0.2
Matching in nixpkgs
Package maintainers: 1
  @david-r-cox David Cox <david@integrated-reasoning.com>

CVE-2025-62136 6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW
updated 3 days, 20 hours ago by @LeSuisse
Activity log
  Created automatic suggestion 4 days, 1 hour ago
  @LeSuisse removed package melos 3 days, 20 hours ago
  @LeSuisse dismissed 3 days, 20 hours ago
WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Melos allows Stored XSS. This issue affects Melos: from n/a through 1.6.0.
Affected products
  melos <= 1.6.0
Matching in nixpkgs
Package maintainers: 1
  @hatch01 Eymeric Dechelette <hatchchien@protonmail.com>