CVE-2025-39438 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): NONE created 3 months ago WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3. Affected products theme-changer =<1.3 Matching in nixpkgs pkgs.gnomeExtensions.dm-theme-changer Automatically change theme styles when dark mode is enabled or disabled. nixos-unstable ??? nixpkgs-unstable 4 Package maintainers: 1 @honnip Jung seungwoo <me@honnip.page>
pkgs.gnomeExtensions.dm-theme-changer Automatically change theme styles when dark mode is enabled or disabled. nixos-unstable ??? nixpkgs-unstable 4
CVE-2025-3576 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE created 3 months ago Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. Affected products krb5 <1.22 * rhcos discovery/discovery-server-rhel9 * aap-cloud-metrics-collector-container ansible-automation-platform-24/ee-minimal-rhel9 ansible-automation-platform-25/ee-minimal-rhel8 ansible-automation-platform-24/ee-supported-rhel8 ansible-automation-platform-24/ee-supported-rhel9 registry.redhat.io/discovery/discovery-server-rhel9 * ansible-automation-platform-25/ansible-builder-rhel8 ansible-automation-platform-24/platform-resource-runner-rhel8 ansible-automation-platform-25/platform-resource-runner-rhel8 Matching in nixpkgs pkgs.libkrb5 MIT Kerberos 5 nixos-unstable ??? nixpkgs-unstable 1.22.1 pkgs.krb5Full MIT Kerberos 5 nixos-unstable ??? nixpkgs-unstable 1.22.1 pkgs.pam_krb5 PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC nixos-unstable ??? nixpkgs-unstable krb5-4.11 pkgs.python312Packages.krb5 Kerberos API bindings for Python nixos-unstable ??? nixpkgs-unstable krb5-0.7.1 pkgs.python313Packages.krb5 Kerberos API bindings for Python nixos-unstable ??? nixpkgs-unstable krb5-0.7.1 Package maintainers: 3 @de11n Elliot Cameron <nixpkgs-commits@deshaw.com> @invokes-su Souvik Sen <nixpkgs-commits@deshaw.com> @despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
pkgs.pam_krb5 PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC nixos-unstable ??? nixpkgs-unstable krb5-4.11
pkgs.python312Packages.krb5 Kerberos API bindings for Python nixos-unstable ??? nixpkgs-unstable krb5-0.7.1
pkgs.python313Packages.krb5 Kerberos API bindings for Python nixos-unstable ??? nixpkgs-unstable krb5-0.7.1
CVE-2025-26748 8.1 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 3 months ago WordPress Arkhe theme <= 3.11.0 - CSRF to Local File Inclusion vulnerability Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. Affected products arkhe =<3.11.0 Matching in nixpkgs pkgs.typstPackages.arkheion_0_1_0 A simple template reproducing popular arXiv templates nixos-unstable ??? nixpkgs-unstable 0.1.0 Package maintainers: 1 @cherrypiejam Gongqi Huang
pkgs.typstPackages.arkheion_0_1_0 A simple template reproducing popular arXiv templates nixos-unstable ??? nixpkgs-unstable 0.1.0
CVE-2025-32911 9.0 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 3 months ago Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. Affected products libsoup <3.6.3 * libsoup3 mingw-freetype * spice-client-win * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32912 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 3 months ago Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. Affected products libsoup <3.6.5 libsoup3 * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32909 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): LOW created 3 months ago Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash. Affected products libsoup <3.6.2 libsoup3 mingw-freetype * spice-client-win * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32914 7.4 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): HIGH created 3 months ago Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. Affected products libsoup <3.6.5 * libsoup3 * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32906 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 3 months ago Libsoup: out of bounds reads in soup_headers_parse_request() A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. Affected products libsoup <3.6.5 * libsoup3 * mingw-freetype * spice-client-win * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32910 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 3 months ago Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. Affected products libsoup <3.6.3 libsoup3 mingw-freetype * spice-client-win * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable
CVE-2025-32907 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 3 months ago Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. Affected products libsoup <3.6.5 * libsoup3 * mingw-freetype * spice-client-win * Matching in nixpkgs pkgs.libsoup_3 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 3.6.5 pkgs.libsoup_2_4 HTTP client/server library for GNOME nixos-unstable ??? nixpkgs-unstable 2.74.3 pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable Package maintainers: 6 @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk> @bobby285271 Bobby Rong <rjl931189261@126.com> @lovek323 Jason O'Conal <jason@oconal.id.au> @7c6f434c Michael Raskin <7c6f434c@mail.ru> @jtojnar Jan Tojnar <jtojnar@gmail.com> @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4" Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4 nixos-unstable ??? nixpkgs-unstable