NIXPKGS-2026-1948

GitHub issue published 13 hours ago

Evil-WinRM - Path Traversal in download_dir() Function

          Permalink
          
            CVE-2026-55201
          
        7.4 HIGH
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): Present (P)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): Active (A)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): High (H)
        
          Vulnerable System Impact Availability (VA): None (N)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): Present (P)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): Active (A)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): High (H)
        
          Modified Vulnerable System Impact Availability (MVA): None (N)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              ignored
            
              package evil-winrm-py
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Evil-WinRM - Path Traversal in download_dir() Function
          
      Pull Request
    
    issue-tracking
  
      Patch Commit
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/evil-winrm-path-traversal-in-download-dir-…
    
    third-party-advisory
  
    evil-winrm

            ==6ecd570a298562dc72ad73978307eb34182f5850
          
            =<3.9

NIXPKGS-2026-1947

GitHub issue published 13 hours ago

Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

          Permalink
          
            CVE-2026-47103
          
        9.3 CRITICAL
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): None (N)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): High (H)
        
          Vulnerable System Impact Availability (VA): High (H)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): None (N)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): High (H)
        
          Modified Vulnerable System Impact Availability (MVA): High (H)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
          
      https://github.com/fgmacedo/python-statemachine/releases/tag/v3.2.0
    
    release-notes
  
      https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-p…
    
    vendor-advisory
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/python-statemachine-rce-via-scxml-eval-inj…
    
    third-party-advisory
  
    python-statemachine

            <3.2.0

NIXPKGS-2026-1946

GitHub issue published 13 hours ago

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

Permalink CVE-2026-48990

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

https://github.com/authlib/joserfc/security/advisories/GHSA-wphv-vfrh-23q5 x_refsource_CONFIRM
https://github.com/authlib/joserfc/releases/tag/1.6.7 x_refsource_MISC

joserfc

==< 1.6.7

NIXPKGS-2026-1945

GitHub issue published 13 hours ago

marimo < 0.23.9 XSS via file Query Parameter in assets.py

          Permalink
          
            CVE-2026-54386
          
        5.1 MEDIUM
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): None (N)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): Active (A)
        
          Vulnerable System Impact Confidentiality (VC): None (N)
        
          Vulnerable System Impact Integrity (VI): None (N)
        
          Vulnerable System Impact Availability (VA): None (N)
        
          Subsequent System Impact Confidentiality (SC): Low (L)
        
          Subsequent System Impact Integrity (SI): Low (L)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): None (N)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): Active (A)
        
          Modified Vulnerable System Impact Confidentiality (MVC): None (N)
        
          Modified Vulnerable System Impact Integrity (MVI): None (N)
        
          Modified Vulnerable System Impact Availability (MVA): None (N)
        
          Modified Subsequent System Impact Confidentiality (MSC): Low (L)
        
          Modified Subsequent System Impact Integrity (MSI): Low (L)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            marimo < 0.23.9 XSS via file Query Parameter in assets.py
          
      https://github.com/marimo-team/marimo/releases/tag/0.23.9
    
    release-notes
  
      https://github.com/marimo-team/marimo/pull/9789
    
    issue-tracking
  
      https://github.com/marimo-team/marimo/commit/fdd55c8cf6260ae23bb411dc9d9269def5…
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/marimo-xss-via-file-query-parameter-in-ass…
    
    third-party-advisory
  
    marimo

            <0.23.9

NIXPKGS-2026-1944

GitHub issue published 13 hours ago

snes9x 1.63 allows an out-of-bounds write and denial of service …

Permalink CVE-2026-39199

2.9 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored
6 packages
- libretro.snes9x
- libretro.snes9x2002
- libretro.snes9x2005
- libretro.snes9x2010
- libretro.snes9x2005-plus
- kodiPackages.libretro-snes9x
13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

snes9x 1.63 allows an out-of-bounds write and denial of service …

Snes9X

==1.63

NIXPKGS-2026-1943

GitHub issue published 13 hours ago

BBOT: security issues < 2.8.6

Permalink CVE-2026-12565

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package hebbot 13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

Path Traversal (Zip-Slip) in unarchive module

https://github.com/blacklanternsecurity/bbot/commit/4fb38fd6e

BBOT

=<<=2.8.4

Permalink CVE-2026-12567

2.2 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package hebbot 13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

Symlink-following arbitrary write via github_workflows module

https://github.com/blacklanternsecurity/bbot/commit/16d9c42b6

BBOT

=<<=2.8.4

Permalink CVE-2026-12568

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package hebbot 13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

Arbitrary File Write in postman_download module

https://github.com/blacklanternsecurity/bbot/commit/36bc20818

BBOT

=<<=2.8.5

Permalink CVE-2026-12566

3.1 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package hebbot 13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

SSRF via unvalidated WWW-Authenticate realm in docker_pull module

https://github.com/blacklanternsecurity/bbot/commit/c2f4bc0f4

BBOT

=<<=2.8.4

NIXPKGS-2026-1942

GitHub issue published 13 hours ago

Tinyproxy: security issues (CVE-2026-54387, CVE-2026-55202 and CVE-2026-54388)

          Permalink
          
            CVE-2026-54388
          
        9.3 CRITICAL
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): None (N)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): High (H)
        
          Vulnerable System Impact Availability (VA): None (N)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): None (N)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): High (H)
        
          Modified Vulnerable System Impact Availability (MVA): None (N)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers
          
      Researcher Pull Request
    
    technical-description
  
      Maintainer Pull Request
    
    issue-tracking
  
      Patch Commit
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-dupli…
    
    third-party-advisory
  
    tinyproxy

            =<1.11.3
          
            ==364cdb67e0ea00a8e4a7037e2693e0711e816adb

          Permalink
          
            CVE-2026-55202
          
        8.8 HIGH
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): None (N)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): Low (L)
        
          Vulnerable System Impact Availability (VA): None (N)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): None (N)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): Low (L)
        
          Modified Vulnerable System Impact Availability (MVA): None (N)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Tinyproxy - Stathost Detection Bypass via Host Header Manipulation
          
      Pull Request
    
    issue-tracking
  
      Patch Commit
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/evil-winrm-path-traversal-in-download-dir-…
    
    third-party-advisory
  
    tinyproxy

            =<1.11.3
          
            ==09312a185ae25cc486b4ff5987638a7917a48bce

          Permalink
          
            CVE-2026-54387
          
        9.3 CRITICAL
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): None (N)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): High (H)
        
          Vulnerable System Impact Availability (VA): None (N)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): None (N)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): High (H)
        
          Modified Vulnerable System Impact Availability (MVA): None (N)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
                2 references
                
                      Patch Commit
                    
                      https://www.vulncheck.com/advisories/ti…
                    
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization
          
      Researcher Pull Request
    
    technical-description
  
      Maintainer Pull Request
    
    issue-tracking
  
          Ignored references (2)
        
      Patch Commit
    
    patch
  
      https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-cl-te…
    
    third-party-advisory
  
    tinyproxy

            =<1.11.3
          
            ==ff45d3bf0e61d0f8ed97ab379d3047f04eb67521
          
          Patch: https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb

NIXPKGS-2026-1941

GitHub issue published 13 hours ago

Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Permalink CVE-2026-47774

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored
7 packages
- opa-envoy-plugin
- python313Packages.envoy-utils
- python314Packages.envoy-utils
- python313Packages.envoy-reader
- python314Packages.envoy-reader
- python313Packages.envoy-data-plane
- python314Packages.envoy-data-plane
13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse published on GitHub 13 hours ago

Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

envoy

==>= 1.38.0, < 1.38.1
==< 1.35.11
==>= 1.36.0, < 1.36.7
==>= 1.37.0, < 1.37.3

NIXPKGS-2026-1940

GitHub issue published 13 hours ago

libssh2: security issues CVE-2026-55199 and CVE-2026-55200

          Permalink
          
            CVE-2026-55199
          
        8.2 HIGH
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): Present (P)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): None (N)
        
          Vulnerable System Impact Integrity (VI): None (N)
        
          Vulnerable System Impact Availability (VA): High (H)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): Present (P)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): None (N)
        
          Modified Vulnerable System Impact Integrity (MVI): None (N)
        
          Modified Vulnerable System Impact Availability (MVA): High (H)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
                2 packages
                haskellPackages.libssh2
haskellPackages.libssh2-conduit

          13 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler
          
      Pull Request
    
    issue-tracking
  
      Patch Commit
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg…
    
    third-party-advisory
  
    libssh2

            ==17626857d20b3c9a1addfa45979dadcee1cd84a4
          
            =<1.11.1

          Permalink
          
            CVE-2026-55200
          
        9.2 CRITICAL
      
        CVSS version (CVSS): 4.0
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Attack Requirement (AT): Present (P)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Vulnerable System Impact Confidentiality (VC): High (H)
        
          Vulnerable System Impact Integrity (VI): High (H)
        
          Vulnerable System Impact Availability (VA): High (H)
        
          Subsequent System Impact Confidentiality (SC): None (N)
        
          Subsequent System Impact Integrity (SI): None (N)
        
          Subsequent System Impact Availability (SA): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Attack Requirement (MAT): Present (P)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Vulnerable System Impact Confidentiality (MVC): High (H)
        
          Modified Vulnerable System Impact Integrity (MVI): High (H)
        
          Modified Vulnerable System Impact Availability (MVA): High (H)
        
          Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
        
          Modified Subsequent System Impact Integrity (MSI): Negligible (N)
        
          Modified Subsequent System Impact Availability (MSA): Negligible (N)
        
          Safety (S): Not Defined (X)
        
          Automatable (AU): Not Defined (X)
        
          Recovery (R): Not Defined (X)
        
          Value Density (V): Not Defined (X)
        
          Vulnerability Response Effort (RE): Not Defined (X)
        
          Provider Urgency (U): Not Defined (X)
        
          Confidentiality Req. (CR): Not Defined (X)
        
          Integrity Req. (IR): Not Defined (X)
        
          Availability Req. (AR): Not Defined (X)
        
          Exploit Maturity (E): Not Defined (X)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
                2 packages
                haskellPackages.libssh2
haskellPackages.libssh2-conduit

          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              ignored
            
              reference https://w…
            
          13 hours ago
          
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
          
      Pull Request
    
    issue-tracking
  
      Patch Commit
    
    patch
  
          Ignored references (1)
        
      https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-…
    
    third-party-advisory
  
    libssh2

            =<1.11.1
          
            ==7acf3dfda80c91c3a8c9f2372546301d4a1a7a8

NIXPKGS-2026-1939

GitHub issue published 13 hours ago

Python Starlette: security issues < 1.1.0

          Permalink
          
            CVE-2026-48818
          
        7.5 HIGH
      
        CVSS version (CVSS): 3.1
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Scope (S): Unchanged (U)
        
          Confidentiality (C): High (H)
        
          Integrity (I): None (N)
        
          Availability (A): None (N)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Confidentiality (MC): High (H)
        
          Modified Scope (MS): Unchanged (U)
        
          Modified Integrity (MI): None (N)
        
          Modified Availability (MA): None (N)
        
              updated
            
          13 hours ago
          by @LeSuisse
        
      Activity log
    
              Created suggestion
            
          18 hours ago
          
          @LeSuisse
          
              ignored
            
                10 packages
                python313Packages.sse-starlette
python313Packages.starlette-wtf
python314Packages.sse-starlette
python314Packages.starlette-wtf
python313Packages.starlette-admin
python314Packages.starlette-admin
python313Packages.starlette-context
python314Packages.starlette-context
python313Packages.starlette-compress
python314Packages.starlette-compress

          13 hours ago
          
          @LeSuisse
          
              accepted
            
          13 hours ago
          
          @LeSuisse
          
              ignored
            
              maintainer @wd15
            
          13 hours ago
          
              maintainer.ignore
            
          @LeSuisse
          
              published on GitHub
            
          13 hours ago
          
            Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
          
      https://github.com/Kludex/starlette/security/advisories/GHSA-wqp7-x3pw-xc5r
    
    x_refsource_CONFIRM
  
      https://github.com/Kludex/starlette/pull/3287
    
    x_refsource_MISC
  
      https://github.com/Kludex/starlette/commit/fd53168a7767b6b55ba5af787fd88f49e33cabc5
    
    x_refsource_MISC
  
      https://github.com/Kludex/starlette/releases/tag/1.1.0
    
    x_refsource_MISC
  
    starlette

            ==< 1.1.0

Permalink CVE-2026-48817

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 13 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored
10 packages
- python313Packages.sse-starlette
- python313Packages.starlette-wtf
- python314Packages.sse-starlette
- python314Packages.starlette-wtf
- python313Packages.starlette-admin
- python314Packages.starlette-admin
- python313Packages.starlette-context
- python314Packages.starlette-context
- python313Packages.starlette-compress
- python314Packages.starlette-compress
13 hours ago
@LeSuisse accepted 13 hours ago
@LeSuisse ignored maintainer @wd15 13 hours ago maintainer.ignore
@LeSuisse published on GitHub 13 hours ago

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

https://github.com/Kludex/starlette/security/advisories/GHSA-x746-7m8f-x49c x_refsource_CONFIRM
https://github.com/Kludex/starlette/releases/tag/1.1.0 x_refsource_MISC

starlette

==< 1.1.0

Nixpkgs security tracker

Published issues

Evil-WinRM - Path Traversal in download_dir() Function

Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

marimo < 0.23.9 XSS via file Query Parameter in assets.py

snes9x 1.63 allows an out-of-bounds write and denial of service …

Path Traversal (Zip-Slip) in unarchive module

Symlink-following arbitrary write via github_workflows module

Arbitrary File Write in postman_download module

SSRF via unvalidated WWW-Authenticate realm in docker_pull module

Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`