⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-3642
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks, 5 days ago
Moodle: authenticated remote code execution risk in the moodle lms equella repository

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

moodle
<4.3.12
<4.4.8
<4.5.4
<4.1.18

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX
CVE-2025-46420
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 3 weeks, 6 days ago
Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.

libsoup

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
CVE-2025-46483
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 weeks, 6 days ago
WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Peadig’s Google +1 Button allows DOM-Based XSS. This issue affects Peadig’s Google +1 Button: from n/a through 0.1.2.

google-1
=<0.1.2

pkgs.python311Packages.cirq-google

Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits

pkgs.python312Packages.cirq-google

Framework for creating, editing, and invoking Noisy Intermediate Scale Quantum (NISQ) circuits
CVE-2024-25982
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 3 weeks, 6 days ago
Msa-24-0005: csrf risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

moodle
<4.1.9
<4.2.6
<4.3.3

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX
CVE-2024-6387
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 3 weeks, 6 days ago
Openssh: regresshion - race condition in ssh allows rce/dos

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

rhcos
*
OpenSSH
=<9.7p1
openssh
*
rhceph-6-rhel9

pkgs.openssh_hpnWithKerberos

Implementation of the SSH protocol with high performance networking patches

pkgs.perl536Packages.NetOpenSSH

Perl SSH client package implemented on top of OpenSSH

pkgs.perl538Packages.NetOpenSSH

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH

Perl SSH client package implemented on top of OpenSSH
CVE-2025-46443
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 3 weeks, 6 days ago
WordPress Animate <= 0.5 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate allows Server Side Request Forgery. This issue affects Animate: from n/a through 0.5.

animate
=<0.5

pkgs.texlivePackages.animate

Create PDF and SVG animations from graphics files and inline graphics
CVE-2025-46505
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 3 weeks, 6 days ago
WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in farinspace Peekaboo allows Stored XSS. This issue affects Peekaboo: from n/a through 1.1.

peekaboo
=<1.1
CVE-2025-46421
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 weeks, 6 days ago
Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

libsoup

pkgs.libsoup_2_4

HTTP client/server library for GNOME

pkgs.gnome.libsoup

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4
CVE-2025-46399
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 weeks ago
fig2dev segmentation fault in genge_itp_spline

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function.

fig2dev
==3.2.9a
CVE-2025-46400
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 4 weeks ago
fig2dev segmentation fault in read_arcobject

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.

fig2dev
==3.2.9a