Automatically generated suggestions

CVE-2025-6384 created 2 months, 2 weeks ago
Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Studio
<4.3.0

pkgs.rstudio

Set of integrated tools for the R language

pkgs.rstudio-server

Set of integrated tools for the R language

pkgs.vscode-extensions.visualstudiotoolsforunity.vstuc

Integrates Visual Studio Code for Unity

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples

See relevant code examples from GitHub for over 100K different APIs right in your editor
Package maintainers: 5
CVE-2025-49254
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.

nika
=<1.2.8

pkgs.nika-fonts

Persian/Arabic Open Source Font

pkgs.python312Packages.minikanren

Relational programming in Python

pkgs.python313Packages.minikanren

Relational programming in Python
Package maintainers: 1
CVE-2025-49179
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-49175
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-49176
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL
CVE-2025-24761
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
CISA ADP Vulnrichment

None

dsk
=<2.2

pkgs.idsk

Manipulating CPC dsk images and files

pkgs.libdsk

Library for accessing discs and disc image files

pkgs.robotfindskitten

Yet another zen simulation; A simple find-the-kitten game

pkgs.python312Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python

pkgs.python313Packages.pmdsky-debug-py

Autogenerated and statically check-able pmdsky-debug symbol definitions for Python
Package maintainers: 2
CVE-2025-31919
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
WordPress Spare <= 1.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.

spare
=<1.7

pkgs.asciiquarium-transparent

Aquarium/sea animation in ASCII art (with option of transparent background)

pkgs.materia-theme-transparent

Transparent Material Design theme for GNOME/GTK based desktop environments

pkgs.gnomeExtensions.transparent-top-bar

Bring back the transparent top bar when free-floating in GNOME Shell 3.32.

pkgs.gnomeExtensions.transparent-window-moving

Makes the window semi-transparent when moving or resizing

pkgs.sway-contrib.inactive-windows-transparency

It makes inactive sway windows transparent

pkgs.gnomeExtensions.transparent-top-bar-adjustable-transparency

Fork of: https://github.com/zhanghai/gnome-shell-extension-transparent-top-bar
Package maintainers: 4
CVE-2025-6199
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

loupe
librsvg2
snapshot
gdk-pixbuf
<2.43.2
gdk-pixbuf2
glycin-loaders

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

pkgs.snapshot

Take pictures and videos on your computer, tablet, or phone

pkgs.rsnapshot

Filesystem snapshot utility for making backups of local and remote systems

pkgs.aj-snapshot

Tool for storing/restoring JACK and/or ALSA connections to/from cml files

pkgs.glycin-loaders

Glycin loaders for several formats

pkgs.nix-snapshotter

Brings native understanding of Nix packages to containerd

pkgs.btrfs-auto-snapshot

BTRFS Automatic Snapshot Service for Linux

pkgs.zfs-prune-snapshots

Remove snapshots from one or more zpools that match given criteria

pkgs.python312Packages.torchsnapshot

Performant, memory-efficient checkpointing library for PyTorch applications, designed with large, complex distributed workloads in mind

pkgs.python313Packages.torchsnapshot

Performant, memory-efficient checkpointing library for PyTorch applications, designed with large, complex distributed workloads in mind

pkgs.python312Packages.inline-snapshot

Create and update inline snapshots in Python tests

pkgs.python312Packages.pytest-snapshot

Plugin to enable snapshot testing with pytest

pkgs.python313Packages.inline-snapshot

Create and update inline snapshots in Python tests

pkgs.python313Packages.pytest-snapshot

Plugin to enable snapshot testing with pytest

pkgs.python312Packages.snapshot-restore-py

Snapshot Restore for Python library which can be used for registering runtime hooks in Snapstart enabled Python Lambda functions

pkgs.python313Packages.snapshot-restore-py

Snapshot Restore for Python library which can be used for registering runtime hooks in Snapstart enabled Python Lambda functions

pkgs.python312Packages.pytest-textual-snapshot

Snapshot testing for Textual applications

pkgs.python313Packages.pytest-textual-snapshot

Snapshot testing for Textual applications
Package maintainers: 13
CVE-2025-6196
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Libgepub: integer overflow in libgepub's epub archive handling

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

libgepub
<0.7.2

pkgs.libgepub

GObject based library for handling and rendering epub documents
Package maintainers: 4
CVE-2025-49180
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months, 2 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

tigervnc
*
xorg-x11-server
*
xorg-x11-server-Xwayland
*

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL