Dismissed suggestions Untriaged suggestions Draft issues Published issues Automatically generated suggestions Create Draft to queue a suggestion for refinement. Dismiss to remove a suggestion from the queue. CVE-2023-3899 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. subscription-manager * pkgs.python311Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable ??? nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 Package maintainers: 1 @dotlambda Robert Schütz <rschuetz17@gmail.com> CVE-2025-26595 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: buffer overflow in xkbvmodmasktext() A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26597 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: buffer overflow in xkbchangetypesofkey() A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26594 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago X.org: xwayland: use-after-free of the root cursor A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26599 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use of uninitialized pointer in compredirectwindow() An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26932 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5. chatbot =<6.3.5 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixos-24.11-small 11 nixos-unstable ??? nixos-unstable-small 11 nixpkgs-unstable 11 pkgs.gnomeExtensions.penguin-ai-chatbot.x86_64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11 pkgs.gnomeExtensions.penguin-ai-chatbot.aarch64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page> CVE-2025-26596 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: heap overflow in xkbwritekeysyms() A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26915 8.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW created 4 months, 1 week ago WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41. wishlist =<1.0.41 pkgs.wishlist A single entrypoint for multiple SSH endpoints nixos-24.05 0.14.1 nixpkgs-24.05-darwin 0.14.1 nixos-24.11 ??? nixpkgs-24.11-darwin 0.15.0 nixos-24.11-small 0.15.0 nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0 pkgs.wishlist.x86_64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.aarch64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.x86_64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.aarch64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 Package maintainers: 2 @caarlos0 Carlos A Becker <carlos@becker.software> @penguwin Nicolas Martin <penguwin@penguwin.eu> CVE-2025-26600 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use-after-free in playreleasedevents() A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name> CVE-2025-26601 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use-after-free in syncinittrigger() A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
CVE-2023-3899 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. subscription-manager * pkgs.python311Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable ??? nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python311Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1 pkgs.python312Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1 Package maintainers: 1 @dotlambda Robert Schütz <rschuetz17@gmail.com>
pkgs.python311Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable ??? nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python312Packages.graphql-subscription-manager Python3 library for graphql subscription manager nixos-24.05 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python311Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python312Packages.graphql-subscription-manager.x86_64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python311Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python311Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python312Packages.graphql-subscription-manager.aarch64-linux Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python312Packages.graphql-subscription-manager.x86_64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python311Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 0.7.1 nixpkgs-24.11-darwin 0.7.1 nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixos-unstable-small 0.7.1 nixpkgs-unstable 0.7.1
pkgs.python312Packages.graphql-subscription-manager.aarch64-darwin Python3 library for graphql subscription manager nixos-24.05 ??? nixpkgs-24.05-darwin 0.7.1 nixos-24.05-small 0.7.1 nixos-24.11 ??? nixos-24.11-small 0.7.1 nixos-unstable 0.7.1 nixpkgs-unstable 0.7.1
CVE-2025-26595 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: buffer overflow in xkbvmodmasktext() A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26597 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: buffer overflow in xkbchangetypesofkey() A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26594 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago X.org: xwayland: use-after-free of the root cursor A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26599 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use of uninitialized pointer in compredirectwindow() An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26932 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5. chatbot =<6.3.5 pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixos-24.11-small 11 nixos-unstable ??? nixos-unstable-small 11 nixpkgs-unstable 11 pkgs.gnomeExtensions.penguin-ai-chatbot.x86_64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11 pkgs.gnomeExtensions.penguin-ai-chatbot.aarch64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.penguin-ai-chatbot A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixos-24.11-small 11 nixos-unstable ??? nixos-unstable-small 11 nixpkgs-unstable 11
pkgs.gnomeExtensions.penguin-ai-chatbot.x86_64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11
pkgs.gnomeExtensions.penguin-ai-chatbot.aarch64-linux A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B. nixos-24.11 11 nixpkgs-24.11-darwin 11 nixos-unstable 11
CVE-2025-26596 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: heap overflow in xkbwritekeysyms() A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26915 8.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): LOW created 4 months, 1 week ago WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41. wishlist =<1.0.41 pkgs.wishlist A single entrypoint for multiple SSH endpoints nixos-24.05 0.14.1 nixpkgs-24.05-darwin 0.14.1 nixos-24.11 ??? nixpkgs-24.11-darwin 0.15.0 nixos-24.11-small 0.15.0 nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0 pkgs.wishlist.x86_64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.aarch64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.x86_64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 pkgs.wishlist.aarch64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0 Package maintainers: 2 @caarlos0 Carlos A Becker <carlos@becker.software> @penguwin Nicolas Martin <penguwin@penguwin.eu>
pkgs.wishlist A single entrypoint for multiple SSH endpoints nixos-24.05 0.14.1 nixpkgs-24.05-darwin 0.14.1 nixos-24.11 ??? nixpkgs-24.11-darwin 0.15.0 nixos-24.11-small 0.15.0 nixos-unstable 0.15.0 nixos-unstable-small 0.15.0 nixpkgs-unstable 0.15.0
pkgs.wishlist.x86_64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0
pkgs.wishlist.aarch64-linux Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0
pkgs.wishlist.x86_64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0
pkgs.wishlist.aarch64-darwin Single entrypoint for multiple SSH endpoints nixos-24.05 ??? nixos-24.05-small 0.14.1 nixos-24.11 0.15.0 nixos-unstable ??? nixos-unstable-small 0.15.0
CVE-2025-26600 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use-after-free in playreleasedevents() A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
CVE-2025-26601 7.8 HIGH CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 4 months, 1 week ago Xorg: xwayland: use-after-free in syncinittrigger() A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. xserver <24.1.6 <21.1.16 tigervnc * xorg-x11-server * xorg-x11-server-Xwayland * pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0 pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0 Package maintainers: 1 @viric Lluís Batlle i Rossell <viric@viric.name>
pkgs.tigervnc Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixpkgs-24.05-darwin 1.13.1 nixos-24.11 ??? nixpkgs-24.11-darwin 1.14.0 nixos-unstable 1.14.0 nixos-unstable-small 1.14.0 nixpkgs-unstable 1.14.0
pkgs.tigervnc.x86_64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-linux Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.x86_64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0
pkgs.tigervnc.aarch64-darwin Fork of tightVNC, made in cooperation with VirtualGL nixos-24.05 1.13.1 nixos-24.05-small 1.13.1 nixos-24.11 1.14.0 nixos-24.11-small 1.14.0 nixos-unstable 1.14.0