Automatically generated suggestions

CVE-2025-6384 created 4 weeks, 1 day ago
Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Studio
<4.3.0

pkgs.rstudio

Set of integrated tools for the R language

pkgs.rstudio-server

Set of integrated tools for the R language

pkgs.vscode-extensions.visualstudiotoolsforunity.vstuc

Integrates Visual Studio Code for Unity

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples

See relevant code examples from GitHub for over 100K different APIs right in your editor
Package maintainers: 5
CVE-2025-23999
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 4 weeks, 1 day ago
WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through 2.2.13.

breeze
=<2.2.13

pkgs.kdePackages.breeze

Artwork, styles and assets for the Breeze visual style for the Plasma Desktop

pkgs.kdePackages.breeze-gtk

Breeze widget theme for GTK 2 and 3

pkgs.kdePackages.breeze-grub

GRUB theme for the Breeze visual style for the Plasma Desktop

pkgs.libsForQt5.breeze-icons

pkgs.kdePackages.breeze-icons

Breeze icon theme.

pkgs.kdePackages.breeze-plymouth

Plymouth theme for the Breeze visual style for the Plasma Desktop

pkgs.python312Packages.seabreeze

Python library to access Ocean Optics spectrometers

pkgs.python313Packages.seabreeze

Python library to access Ocean Optics spectrometers

pkgs.plasma5Packages.breeze-icons

pkgs.kdePackages.qqc2-breeze-style

Breeze inspired QQC2 Style

pkgs.wordpressPackages.plugins.breeze

pkgs.kdePackages.sierra-breeze-enhanced

OSX-like window decoration for KDE Plasma written in C++

pkgs.qt6Packages.sierra-breeze-enhanced

OSX-like window decoration for KDE Plasma written in C++
Package maintainers: 10
CVE-2025-49254
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.

nika
=<1.2.8

pkgs.nika-fonts

Persian/Arabic Open Source Font

pkgs.python312Packages.minikanren

Relational programming in Python

pkgs.python313Packages.minikanren

Relational programming in Python
Package maintainers: 1
CVE-2025-49179
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-49259
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through 1.2.10.

hara
=<1.2.10

pkgs.charasay

Future of cowsay - Colorful characters saying something

pkgs.gnome-characters

Simple utility application to find and insert unusual characters

pkgs.keepass-charactercopy

pkgs.unicode-character-database

Unicode Character Database

pkgs.haskellPackages.character-ps

Pattern synonyms for ASCII characters for Word8, Word16 etc

pkgs.coqPackages.mathcomp-character

pkgs.python312Packages.characteristic

Python attributes without boilerplate

pkgs.python313Packages.characteristic

Python attributes without boilerplate

pkgs.magnetophonDSP.CharacterCompressor

Compressor with character. For jack and lv2

pkgs.python312Packages.character-encoding-utils

Some character encoding utils

pkgs.python313Packages.character-encoding-utils

Some character encoding utils
Package maintainers: 11
CVE-2025-49175
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-49176
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-24761
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
CISA ADP Vulnrichment

None

dsk
=<2.2

pkgs.idsk

Manipulating CPC dsk images and files

pkgs.libdsk

Library for accessing discs and disc image files

pkgs.robotfindskitten

Yet another zen simulation; A simple find-the-kitten game

pkgs.python312Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python313Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python
Package maintainers: 2
CVE-2025-31919
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Spare <= 1.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.materia-theme-transparent

Transparent Material Design theme for GNOME/GTK based desktop environments

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing

pkgs.sway-contrib.inactive-windows-transparency

It makes inactive sway windows transparent

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
Package maintainers: 4
CVE-2025-49253
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 4 weeks, 1 day ago
WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1.

lasa
=<1.1

pkgs.typstPackages.lasagna_0_1_0

Add layers, toggle them using tags easily

pkgs.typstPackages.lasaveur_0_1_3

Porting vim-latex's math shorthands to Typst. An accommendating vim syntax file is provided in the repo

pkgs.typstPackages.lasaveur_0_1_4

Porting vim-latex's math shorthands to Typst. An accommendating vim syntax file is provided in the repo
Package maintainers: 1