⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2023-6476
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Cri-o: pods are able to break out of resource confinement on cgroupv2

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node.

cri-o
*
cri-o:1.21/cri-o

pkgs.cri-o.x86_64-linux

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o.aarch64-linux

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped.x86_64-linux

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface

pkgs.cri-o-unwrapped.aarch64-linux

Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
Package maintainers: 2
CVE-2025-6196
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Libgepub: integer overflow in libgepub's epub archive handling

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

libgepub

pkgs.libgepub.x86_64-linux

GObject based library for handling and rendering epub documents

pkgs.libgepub.aarch64-linux

GObject based library for handling and rendering epub documents
Package maintainers: 4
CVE-2025-49258
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks ago
WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.

maia
=<1.1.15
Package maintainers: 2
CVE-2024-0409
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks ago
Xorg-x11-server: selinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

tigervnc
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1
CVE-2025-49177
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

tigervnc
xorg-x11-server
xorg-x11-server-Xwayland
Package maintainers: 1
CVE-2022-45083
6.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 weeks ago
WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.

wp-user-avatar
=<4.3.2

pkgs.wordpressPackages.plugins.wp-user-avatars

CVE-2025-49254
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks ago
WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.

nika
=<1.2.8

pkgs.python313Packages.minikanren

Relational programming in Python

pkgs.python312Packages.minikanren.aarch64-linux

Relational programming in Python

pkgs.python312Packages.minikanren.x86_64-darwin

Relational programming in Python

pkgs.python312Packages.minikanren.aarch64-darwin

Relational programming in Python
Package maintainers: 1
CVE-2025-49180
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

tigervnc
xorg-x11-server
xorg-x11-server-Xwayland
Package maintainers: 1
CVE-2025-49253
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks ago
WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1.

lasa
=<1.1

pkgs.gnomeExtensions.glasa

This extension puts adds an indicator to the top panel whose icon continuously renders two comic-like eyes that follow the mouse cursor.

pkgs.texlivePackages.unizgklasa

A LaTeX class for theses at the Faculty Of Graphic Arts in Zagreb

pkgs.typstPackages.lasagna_0_1_0

Add layers, toggle them using tags easily

pkgs.typstPackages.lasaveur_0_1_3

Porting vim-latex's math shorthands to Typst. An accommendating vim syntax file is provided in the repo

pkgs.typstPackages.lasaveur_0_1_4

Porting vim-latex's math shorthands to Typst. An accommendating vim syntax file is provided in the repo

pkgs.gnomeExtensions.glasa.x86_64-linux

This extension puts adds an indicator to the top panel whose icon continuously renders two comic-like eyes that follow the mouse cursor.

pkgs.gnomeExtensions.glasa.aarch64-linux

This extension puts adds an indicator to the top panel whose icon continuously renders two comic-like eyes that follow the mouse cursor.

pkgs.texlivePackages.unizgklasa.x86_64-linux

A LaTeX class for theses at the Faculty Of Graphic Arts in Zagreb
Package maintainers: 1
CVE-2024-0408
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks ago
Xorg-x11-server: selinux unlabeled glx pbuffer

A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.

tigervnc
xorg-server
<21.1.11
xorg-x11-server
*
xorg-x11-server-Xwayland
*
Package maintainers: 1