NIXPKGS-2026-1025

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-34837

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  3 packages

  • python312Packages.zammad-py
  • python313Packages.zammad-py
  • python314Packages.zammad-py
  2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Zammad is miissing authorization in AI assistance controller for context data used in text tools

• https://github.com/zammad/zammad/security/advisories/GHSA-89vv-6639-wcv8 x_refsource_CONFIRM

---

zammad

• ==>= 7.0.0, < 7.0.1

NIXPKGS-2026-1024

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-34719

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  3 packages

  • python312Packages.zammad-py
  • python313Packages.zammad-py
  • python314Packages.zammad-py
  2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Zammad has a Server-side request forgery (SSRF) via webhooks

• https://github.com/zammad/zammad/security/advisories/GHSA-2vgc-vfh2-rw75 x_refsource_CONFIRM

---

zammad

• ==>= 7.0.0-alpha, < 7.0.1
• ==< 6.5.4

NIXPKGS-2026-1026

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-34718

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  3 packages

  • python312Packages.zammad-py
  • python313Packages.zammad-py
  • python314Packages.zammad-py
  2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Zammad improperly neutralizes of script-related HTML tags in ticket articles

• https://github.com/zammad/zammad/security/advisories/GHSA-c2cf-9fc7-jhf3 x_refsource_CONFIRM

---

zammad

• ==>= 7.0.0-alpha, < 7.0.1
• ==< 6.5.4

NIXPKGS-2026-1022

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-34720

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  3 packages

  • python312Packages.zammad-py
  • python313Packages.zammad-py
  • python314Packages.zammad-py
  2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Zammad has an origin validation error in SSO mechanism

• https://github.com/zammad/zammad/security/advisories/GHSA-hcv6-w4h9-p2p7 x_refsource_CONFIRM

---

zammad

• ==>= 7.0.0-alpha, < 7.0.1
• ==< 6.5.4

NIXPKGS-2026-1023

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-40024

7.1 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): None (N)

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Sleuth Kit tsk_recover Path Traversal

• Patch Commit patch

Ignored references (2)

• Mobasi Sentinel Vulnerability Index vendor-advisory
• VulnCheck Advisory: Sleuth Kit tsk_recover Path Traversal third-party-advisory

---

sleuthkit

• =<4.14.0
• ==a3f96b3bc36a8bb1a00c297f77110d4a6e7dd31b

NIXPKGS-2026-1021

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-34782

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  3 packages

  • python312Packages.zammad-py
  • python313Packages.zammad-py
  • python314Packages.zammad-py
  2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Zammad has improper access control in AI assistance controller for text tools

• https://github.com/zammad/zammad/security/advisories/GHSA-96r7-29c8-2j7q x_refsource_CONFIRM

---

zammad

• ==>= 7.0.0, < 7.0.1

NIXPKGS-2026-1020

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-40025

4.4 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): Low (L)
• Integrity (I): None (N)
• Availability (A): Low (L)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): Low (L)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): None (N)
• Modified Availability (MA): Low (L)

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Sleuth Kit APFS Keybag Parser Out-of-Bounds Read

• Pull Request product
• Patch Commit patch

Ignored references (2)

• Mobasi Sentinel Vulnerability Index vendor-advisory
• VulnCheck Advisory: Sleuth Kit APFS Keybag Parser Out-of-Bounds Read third-party-advisory

---

sleuthkit

• =<4.14.0
• ==8b9c9e7d493bd68624f3b1a3963edd45c3ff7611

NIXPKGS-2026-1019

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-33753

6.2 MEDIUM

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): None (N)
• User Interaction (UI): None (N)
• Scope (S): Unchanged (U)
• Confidentiality (C): None (N)
• Integrity (I): High (H)
• Availability (A): None (N)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): None (N)
• Modified User Interaction (MUI): None (N)
• Modified Confidentiality (MC): None (N)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): None (N)

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

Improper Certificate Validation in rfc3161-client

• https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-3xxc-pwj6-jgrj x_refsource_CONFIRMexploit

---

rfc3161-client

• ==< 1.0.6

NIXPKGS-2026-1018

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-39892

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  12 packages

  • python312Packages.django-cryptography
  • python313Packages.django-cryptography
  • python312Packages.mypy-boto3-payment-cryptography
  • python313Packages.mypy-boto3-payment-cryptography
  • python314Packages.mypy-boto3-payment-cryptography
  • python312Packages.mypy-boto3-payment-cryptography-data
  • python313Packages.mypy-boto3-payment-cryptography-data
  • python314Packages.mypy-boto3-payment-cryptography-data
  • python312Packages.types-aiobotocore-payment-cryptography
  • python313Packages.types-aiobotocore-payment-cryptography
  • python312Packages.types-aiobotocore-payment-cryptography-data
  • python313Packages.types-aiobotocore-payment-cryptography-data
  2 months, 2 weeks ago
• @LeSuisse deleted
  2 maintainers

  • @SuperSandro2000
  • @mdaniels5757
  2 months, 2 weeks ago maintainer.delete
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

• https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq x_refsource_CONFIRM
• http://www.openwall.com/lists/oss-security/2026/04/08/12

---

cryptography

• ==>= 45.0.0, < 46.0.7

NIXPKGS-2026-1017

GitHub issue published 2 months, 2 weeks ago

Permalink CVE-2026-35455

7.3 HIGH

• CVSS version (CVSS): 3.1
• Attack Vector (AV): Local (L)
• Attack Complexity (AC): Low (L)
• Privileges Required (PR): Low (L)
• User Interaction (UI): Required (R)
• Scope (S): Unchanged (U)
• Confidentiality (C): High (H)
• Integrity (I): High (H)
• Availability (A): High (H)
• Modified Attack Vector (MAV): Local (L)
• Modified Attack Complexity (MAC): Low (L)
• Modified Privileges Required (MPR): Low (L)
• Modified User Interaction (MUI): Required (R)
• Modified Confidentiality (MC): High (H)
• Modified Scope (MS): Unchanged (U)
• Modified Integrity (MI): High (H)
• Modified Availability (MA): High (H)

updated 2 months, 2 weeks ago by @LeSuisse Activity log

• Created suggestion 2 months, 2 weeks ago
• @LeSuisse ignored
  13 packages

  • immich-go
  • immich-cli
  • immichframe
  • immich-kiosk
  • immich-public-proxy
  • immich-machine-learning
  • python312Packages.aioimmich
  • python313Packages.aioimmich
  • python314Packages.aioimmich
  • gnomeExtensions.immich-wallpaper
  • pkgsRocm.immich-machine-learning
  • home-assistant-component-tests.immich
  • tests.home-assistant-component-tests.immich
  2 months, 2 weeks ago
• @LeSuisse deleted
  4 maintainers

  • @Scrumplex
  • @dotlambda
  • @titaniumtown
  • @jvanbruegge
  2 months, 2 weeks ago maintainer.delete
• @LeSuisse accepted 2 months, 2 weeks ago
• @LeSuisse published on GitHub 2 months, 2 weeks ago

immich has Stored XSS via OCR Text in 360° Panorama Viewer

• https://github.com/immich-app/immich/security/advisories/GHSA-9qx4-67jm-cc66 x_refsource_CONFIRM

---

immich

• ==< 2.7.0