CVE-2025-62396  5.3 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:NONE / UI:NONE / S:UNCHANGED / C:LOW / I:NONE / A:NONE
Moodle: router (r.php) could expose application directories
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Affected products: moodle <4.5.7, <5.0.3
Matching in nixpkgs:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable 5.0.2; nixpkgs-unstable 5.0.2; nixos-unstable-small 5.0.2; nixos-25.05 5.0; nixos-25.05-small 5.0; nixpkgs-25.05-darwin 5.0
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable 2.3.13; nixpkgs-unstable 2.3.13; nixos-unstable-small 2.3.13; nixos-25.05 2.3.13; nixos-25.05-small 2.3.13; nixpkgs-25.05-darwin 2.3.13
Package maintainers (2): @freezeboy freezeboy; @kmein Kierán Meinhardt <kmein@posteo.de>

CVE-2025-62068  6.5 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:LOW / UI:REQUIRED / S:CHANGED / C:LOW / I:LOW / A:LOW
WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf. This issue affects e2pdf: from n/a through 1.28.09 (all versions <= 1.28.09).
Affected products: e2pdf <= 1.28.09
Matching in nixpkgs (matched by package name only; line2pdf is a standalone text-to-PDF tool, not the WordPress plugin):
  pkgs.haskellPackages.line2pdf (Simple command-line utility to convert text into PDF): nixos-unstable 0.0.7; nixpkgs-unstable 0.0.7; nixos-unstable-small 0.0.7; nixos-25.05 0.0.7; nixos-25.05-small 0.0.7; nixpkgs-25.05-darwin 0.0.7

CVE-2025-11568  4.4 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:LOCAL / AC:LOW / PR:HIGH / UI:NONE / S:UNCHANGED / C:NONE / I:HIGH / A:NONE
luksmeta: data corruption when handling LUKS1 partitions with luksmeta
A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using LUKS formats other than LUKS1 are not affected by this issue.
Affected products: rhcos; luksmeta <10, *
Matching in nixpkgs:
  pkgs.luksmeta (Simple library for storing metadata in the LUKSv1 header): nixos-unstable 9; nixpkgs-unstable 9; nixos-unstable-small 9; nixos-25.05 9; nixos-25.05-small 9; nixpkgs-25.05-darwin 9
Package maintainers (1): @fpletz Franz Pletz <fpletz@fnordicwalking.de>

CVE-2025-9640  4.3 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:LOW / UI:NONE / S:UNCHANGED / C:LOW / I:NONE / A:NONE
Samba: vfs_streams_xattr uninitialized memory write possible
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability.
Affected products: rhcos; samba <4.23.2, <4.21.9, <4.21.5; samba4
Matching in nixpkgs (matched by package name; pkgs.sambamba is a SAM/BAM processing tool unrelated to Samba):
  pkgs.samba (Standard Windows interoperability suite of programs for Linux and Unix): nixos-unstable -; nixpkgs-unstable 4.22.3; nixos-unstable-small 4.22.3
  pkgs.samba4 (Standard Windows interoperability suite of programs for Linux and Unix): nixos-unstable 4.22.3; nixpkgs-unstable 4.22.3; nixos-unstable-small 4.22.3; nixos-25.05 4.20.8; nixos-25.05-small 4.20.8; nixpkgs-25.05-darwin 4.20.8
  pkgs.sambamba (SAM/BAM processing tool): nixos-unstable 1.0.1; nixpkgs-unstable 1.0.1; nixos-unstable-small 1.0.1; nixos-25.05 1.0.1; nixos-25.05-small 1.0.1; nixpkgs-25.05-darwin 1.0.1
  pkgs.sambaFull (Standard Windows interoperability suite of programs for Linux and Unix): nixos-unstable 4.22.3; nixpkgs-unstable 4.22.3; nixos-unstable-small 4.22.3; nixos-25.05 4.20.8; nixos-25.05-small 4.20.8; nixpkgs-25.05-darwin 4.20.8
  pkgs.samba4Full (Standard Windows interoperability suite of programs for Linux and Unix): nixos-unstable 4.22.3; nixpkgs-unstable 4.22.3; nixos-unstable-small 4.22.3; nixos-25.05 4.20.8; nixos-25.05-small 4.20.8; nixpkgs-25.05-darwin 4.20.8
Package maintainers (2): @aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>; @jbedo Justin Bedő <cu@cua0.org>

CVE-2025-11731  3.1 LOW  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:HIGH / PR:NONE / UI:REQUIRED / S:UNCHANGED / C:NONE / I:NONE / A:LOW
libxslt: type confusion in the exsltFuncResultComp() function of libxslt
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Affected products: rhcos; libxslt <1.1.44
Matching in nixpkgs:
  pkgs.libxslt (C library and tools to do XSL transformations): nixos-unstable 1.1.43; nixpkgs-unstable 1.1.43; nixos-unstable-small 1.1.43; nixos-25.05 1.1.43; nixos-25.05-small 1.1.43; nixpkgs-25.05-darwin 1.1.43
  pkgs.python312Packages.libxslt (C library and tools to do XSL transformations): nixos-unstable 1.1.43; nixpkgs-unstable 1.1.43; nixos-unstable-small 1.1.43; nixos-25.05 1.1.43; nixos-25.05-small 1.1.43; nixpkgs-25.05-darwin 1.1.43
  pkgs.python313Packages.libxslt (C library and tools to do XSL transformations): nixos-unstable 1.1.43; nixpkgs-unstable 1.1.43; nixos-unstable-small 1.1.43; nixos-25.05 1.1.43; nixos-25.05-small 1.1.43; nixpkgs-25.05-darwin 1.1.43
Package maintainers (1): @jtojnar Jan Tojnar <jtojnar@gmail.com>

CVE-2025-10283  9.6 CRITICAL  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:NONE / UI:REQUIRED / S:CHANGED / C:HIGH / I:HIGH / A:HIGH
Improper .git Sanitization in gitdumper Enables RCE
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
Affected products: bbot <= 2.6.1
Matching in nixpkgs (matched by package name only; pkgs.hebbot is a Matrix bot, not the BBOT scanner):
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-unstable 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixos-25.05 2.1-unstable-2024-09-20; nixos-25.05-small 2.1-unstable-2024-09-20; nixpkgs-25.05-darwin 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2025-10284  9.6 CRITICAL  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:NONE / UI:REQUIRED / S:CHANGED / C:HIGH / I:HIGH / A:HIGH
Improper Archive Extraction in unarchive Enables RCE
BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, perform an arbitrary file write, resulting in remote code execution.
Affected products: bbot <= 2.6.1
Matching in nixpkgs (matched by package name only; pkgs.hebbot is a Matrix bot, not the BBOT scanner):
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-unstable 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixos-25.05 2.1-unstable-2024-09-20; nixos-25.05-small 2.1-unstable-2024-09-20; nixpkgs-25.05-darwin 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2025-10282  4.7 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:NONE / UI:REQUIRED / S:CHANGED / C:LOW / I:NONE / A:NONE
GitLab Domain Confusion in gitlab Leaks API Key
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL.
Affected products: bbot <= 2.6.1
Matching in nixpkgs (matched by package name only; pkgs.hebbot is a Matrix bot, not the BBOT scanner):
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-unstable 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixos-25.05 2.1-unstable-2024-09-20; nixos-25.05-small 2.1-unstable-2024-09-20; nixpkgs-25.05-darwin 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>

CVE-2025-11561  8.8 HIGH  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:LOW / UI:NONE / S:UNCHANGED / C:HIGH / I:HIGH / A:HIGH
SSSD: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts.
Affected products: sssd <= 2.11.1, *; rhcos *; rhceph/rhceph-7-rhel9 *; rhceph/rhceph-8-rhel9 *
Matching in nixpkgs:
  pkgs.sssd (System Security Services Daemon): nixos-unstable 2.9.7; nixpkgs-unstable 2.9.7; nixos-unstable-small 2.11.1; nixos-25.05 2.9.5; nixos-25.05-small 2.9.5; nixpkgs-25.05-darwin 2.9.5
Package maintainers (1): @illustris Harikrishnan R <me@illustris.tech>

CVE-2025-10281  4.7 MEDIUM  (created 1 month, 3 weeks ago)
CVSS 3.1: AV:NETWORK / AC:LOW / PR:NONE / UI:REQUIRED / S:CHANGED / C:LOW / I:NONE / A:NONE
Insecure URL Handling in git_clone Leading to Leaked API Key
BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL.
Affected products: bbot <= 2.6.1
Matching in nixpkgs (matched by package name only; pkgs.hebbot is a Matrix bot, not the BBOT scanner):
  pkgs.hebbot (Matrix bot which can generate "This Week in X" like blog posts): nixos-unstable 2.1-unstable-2024-09-20; nixpkgs-unstable 2.1-unstable-2024-09-20; nixos-unstable-small 2.1-unstable-2024-09-20; nixos-25.05 2.1-unstable-2024-09-20; nixos-25.05-small 2.1-unstable-2024-09-20; nixpkgs-25.05-darwin 2.1-unstable-2024-09-20
Package maintainers (1): @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>