Automatically generated suggestions


CVE-2023-23672
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1.

give
=<2.25.1

pkgs.filegive

Easy p2p file sending program
CVE-2024-7260
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
Keycloak-core: open redirect on account page

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as an OAuth redirect URI. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.

keycloak
<24.0.7
keycloak-core
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API
Package maintainers: 4
CVE-2024-37931
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery. This issue affects Point: from n/a through 1.1.

point
=<1.1

pkgs.pinpoint

Tool for making hackers do excellent presentations

pkgs.git-point

Set arbitrary refs without shooting yourself in the foot, a porcelain `git update-ref`

pkgs.ratpoints

Program to find rational points on hyperelliptic curves

pkgs.mountpoint-s3

Simple, high-throughput file client for mounting an Amazon S3 bucket as a local file system

pkgs.breakpointHook

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.libpointmatcher

"Iterative Closest Point" library for 2-D/3-D mapping in robotics

pkgs.xpointerbarrier

Create X11 pointer barriers around your working area

pkgs.highlight-pointer

Highlight mouse pointer/cursor using a dot

pkgs.breakpointHookCntr

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.quake3pointrelease

Quake 3 Arena point release

pkgs.haskellPackages.pointed

Pointed and copointed data

pkgs.haskellPackages.fixpoint

Data types as fixpoints

pkgs.haskellPackages.pointfree

Tool for refactoring expressions into pointfree form

pkgs.python312Packages.pypoint

Python module for communicating with Minut Point

pkgs.python313Packages.pypoint

Python module for communicating with Minut Point

pkgs.haskellPackages.breakpoint

Set breakpoints using a GHC plugin

pkgs.haskellPackages.mountpoints

list mount points

pkgs.haskellPackages.pointedlist

A zipper-like comonad which works as a list, tracking a position

pkgs.python312Packages.datapoint

Python interface to the Met Office's Datapoint API

pkgs.python313Packages.datapoint

Python interface to the Met Office's Datapoint API

pkgs.haskellPackages.pointless-fun

Some common point-free combinators

pkgs.python312Packages.entrypoint2

Easy to use command-line interface for python modules

pkgs.python312Packages.entrypoints

Discover and load entry points from installed packages

pkgs.python312Packages.jsonpointer

Resolve JSON Pointers in Python

pkgs.python313Packages.entrypoint2

Easy to use command-line interface for python modules

pkgs.python313Packages.entrypoints

Discover and load entry points from installed packages

pkgs.python313Packages.jsonpointer

Resolve JSON Pointers in Python

pkgs.gnomeExtensions.pointer-tracker

Highlight the mouse cursor to make it visible on screencasts

pkgs.rubyPackages.indieweb-endpoints

pkgs.haskellPackages.amazonka-pinpoint

Amazon Pinpoint SDK

pkgs.python312Packages.fastentrypoints

Makes entry_points specified in setup.py load more quickly

pkgs.python313Packages.fastentrypoints

Makes entry_points specified in setup.py load more quickly

pkgs.typstPackages.stack-pointer_0_1_0

A library for visualizing the execution of (imperative) computer programs

pkgs.python312Packages.entry-points-txt

Read & write entry_points.txt files

pkgs.python312Packages.orbax-checkpoint

Orbax provides common utility libraries for JAX users

pkgs.python313Packages.entry-points-txt

Read & write entry_points.txt files

pkgs.python313Packages.orbax-checkpoint

Orbax provides common utility libraries for JAX users

pkgs.typstPackages.pointless-size_0_1_0

Chinese size system (hào-system) and type-related measurement units

pkgs.typstPackages.pointless-size_0_1_1

Chinese size system (hào-system) and type-related measurement units

pkgs.rubyPackages_3_1.indieweb-endpoints

pkgs.rubyPackages_3_2.indieweb-endpoints

pkgs.rubyPackages_3_3.indieweb-endpoints

pkgs.rubyPackages_3_4.indieweb-endpoints

pkgs.home-assistant-component-tests.point

Open source home automation that puts local control and privacy first

pkgs.haskellPackages.acme-pointful-numbers

Make more than one point in numeric literals

pkgs.python312Packages.checkpoint-schedules

Schedules for incremental checkpointing of adjoint simulations

pkgs.python312Packages.langgraph-checkpoint

Library with base interfaces for LangGraph checkpoint savers

pkgs.python313Packages.checkpoint-schedules

Schedules for incremental checkpointing of adjoint simulations

pkgs.python313Packages.langgraph-checkpoint

Library with base interfaces for LangGraph checkpoint savers

pkgs.haskellPackages.amazonka-pinpoint-email

Amazon Pinpoint Email Service SDK

pkgs.haskellPackages.amazonka-pinpoint-sms-voice

Amazon Pinpoint SMS and Voice Service SDK

pkgs.python312Packages.types-aiobotocore-pinpoint

Type annotations for aiobotocore pinpoint

pkgs.python313Packages.types-aiobotocore-pinpoint

Type annotations for aiobotocore pinpoint

pkgs.python312Packages.langgraph-checkpoint-sqlite

Library with a SQLite implementation of LangGraph checkpoint saver

pkgs.python313Packages.langgraph-checkpoint-sqlite

Library with a SQLite implementation of LangGraph checkpoint saver

pkgs.haskellPackages.amazonka-pinpoint-sms-voice-v2

Amazon Pinpoint SMS Voice V2 SDK

pkgs.python312Packages.langgraph-checkpoint-postgres

Library with a Postgres implementation of LangGraph checkpoint saver

pkgs.python313Packages.langgraph-checkpoint-postgres

Library with a Postgres implementation of LangGraph checkpoint saver

pkgs.python312Packages.types-aiobotocore-pinpoint-email

Type annotations for aiobotocore pinpoint-email

pkgs.python313Packages.types-aiobotocore-pinpoint-email

Type annotations for aiobotocore pinpoint-email

pkgs.python312Packages.backports-entry-points-selectable

Compatibility shim providing selectable entry points for older implementations

pkgs.python313Packages.backports-entry-points-selectable

Compatibility shim providing selectable entry points for older implementations

pkgs.python312Packages.types-aiobotocore-pinpoint-sms-voice

Type annotations for aiobotocore pinpoint-sms-voice

pkgs.python313Packages.types-aiobotocore-pinpoint-sms-voice

Type annotations for aiobotocore pinpoint-sms-voice

pkgs.python312Packages.azure-synapse-managedprivateendpoints

Microsoft Azure Synapse Managed Private Endpoints Client Library

pkgs.python313Packages.azure-synapse-managedprivateendpoints

Microsoft Azure Synapse Managed Private Endpoints Client Library

pkgs.python312Packages.types-aiobotocore-pinpoint-sms-voice-v2

Type annotations for aiobotocore pinpoint-sms-voice-v2

pkgs.python313Packages.types-aiobotocore-pinpoint-sms-voice-v2

Type annotations for aiobotocore pinpoint-sms-voice-v2
Package maintainers: 19
CVE-2024-37490
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Bard theme <= 2.210 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery. This issue affects Bard: from n/a through 2.210.

bard
=<2.210

pkgs.bombardier

Fast cross-platform HTTP benchmarking tool written in Go
Package maintainers: 1
CVE-2024-38789
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery. This issue affects Telegram Bot & Channel: from n/a through 3.8.2.

telegram-bot
=<3.8.2

pkgs.telegram-bot-api

Telegram Bot API server

pkgs.haskellPackages.telegram-bot-api

Easy to use library for building Telegram bots. Exports Telegram Bot API.

pkgs.haskellPackages.telegram-bot-simple

Easy to use library for building Telegram bots

pkgs.python312Packages.python-telegram-bot

Python library to interface with the Telegram Bot API

pkgs.python313Packages.python-telegram-bot

Python library to interface with the Telegram Bot API
Package maintainers: 5
CVE-2024-37478
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery. This issue affects Ashe: from n/a through 2.233.

ashe
=<2.233

pkgs.ashell

Ready to go Wayland status bar for Hyprland

pkgs.dasher

Information-efficient text-entry interface, driven by natural continuous pointing gestures

pkgs.hashes

Simple hash algorithm identification GUI

pkgs.seashells

Pipe command-line programs to seashells.io

pkgs.gcfflasher

CFFlasher is the tool to program the firmware of dresden elektronik's Zigbee products

pkgs.pixelflasher

Pixel™ phone flashing GUI utility with features

pkgs.haskellPackages.hashes

Hash functions

pkgs.python312Packages.cashews

Cache tools with async power

pkgs.python313Packages.cashews

Cache tools with async power

pkgs.tests.texlive.fixedHashes

  • nixos-unstable ???
    • nixpkgs-unstable

pkgs.python312Packages.universal-silabs-flasher

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware

pkgs.python313Packages.universal-silabs-flasher

Flashes Silicon Labs radios running EmberZNet or CPC multi-pan firmware

pkgs.home-assistant-component-tests.ruckus_unleashed

Open source home automation that puts local control and privacy first
Package maintainers: 9
CVE-2024-38766
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1.

matomo
=<5.1.1

pkgs.matomo_5

Real-time web analytics application
Package maintainers: 10
CVE-2023-47183
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 2 weeks ago
WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through 2.33.1.

give
=<2.33.1

pkgs.filegive

Easy p2p file sending program
CVE-2024-56217
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month, 2 weeks ago
WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability

Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a through 3.3.03.

download-manager
=<3.3.03

pkgs.lomiri.lomiri-download-manager

Performs uploads and downloads from a centralized location
Package maintainers: 1
CVE-2024-7143
created 1 month, 2 weeks ago
Pulpcore: rbac permissions incorrectly assigned in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

pulp
=<3.56.0
receptor
python-django
python-urllib3
python-pulpcore
python3x-django
python3x-urllib3
python3x-pulpcore
automation-controller
python-pulpcore-client
rubygem-pulpcore_client

pkgs.pulp

A build system for PureScript projects

pkgs.nodePackages.pulp

A build system for PureScript projects

pkgs.python312Packages.pulp

Module to generate MPS or LP files

pkgs.python313Packages.pulp

Module to generate MPS or LP files

pkgs.nodePackages_latest.pulp

A build system for PureScript projects
Package maintainers: 1