Nixpkgs security tracker

Permalink CVE-2026-34607

7.2 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches.

References

https://github.com/emlog/emlog/security/advisories/GHSA-2jg8-rmhm-xv9m x_refsource_CONFIRM

Affected products

emlog

==<= 2.6.2

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

System log viewer

pkgs.kdePackages.ksystemlog

KDE SystemLog Application

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksystemlog

System log viewer

Package maintainers

@FRidh Frederik Rietdijk <fridh@fridh.nl>
@K900 Ilya K. <me@0upti.me>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@bkchr Bastian Köcher <nixos@kchr.de>

Permalink CVE-2026-34788

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. At time of publication, there are no publicly available patches.

References

https://github.com/emlog/emlog/security/advisories/GHSA-32mg-33qq-p3gf x_refsource_CONFIRM

Affected products

emlog

==<= 2.6.2

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

System log viewer

pkgs.kdePackages.ksystemlog

KDE SystemLog Application

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksystemlog

System log viewer

Package maintainers

@FRidh Frederik Rietdijk <fridh@fridh.nl>
@K900 Ilya K. <me@0upti.me>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@bkchr Bastian Köcher <nixos@kchr.de>

Permalink CVE-2026-34229

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8.

References

https://github.com/emlog/emlog/security/advisories/GHSA-74gp-xh6w-hqw6 x_refsource_CONFIRM
https://github.com/emlog/emlog/commit/a12ab1b1a273fe634abab32fd28274c18bd57f07 x_refsource_MISC

Affected products

emlog

==< 2.6.8

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

System log viewer

pkgs.kdePackages.ksystemlog

KDE SystemLog Application

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksystemlog

System log viewer

Package maintainers

@FRidh Frederik Rietdijk <fridh@fridh.nl>
@K900 Ilya K. <me@0upti.me>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@bkchr Bastian Köcher <nixos@kchr.de>

Permalink CVE-2026-34228

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This process does not validate a CSRF token. Therefore, an attacker only needs to trick an authenticated administrator into visiting a malicious link to achieve arbitrary SQL execution and arbitrary file write. This issue has been patched in version 2.6.8.

References

https://github.com/emlog/emlog/security/advisories/GHSA-2rcc-jg83-34vp x_refsource_CONFIRM
https://github.com/emlog/emlog/commit/4c3b8f3486e2c9caafee38a5eedb3cd16f8c8d6f x_refsource_MISC

Affected products

emlog

==< 2.6.8

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

System log viewer

pkgs.kdePackages.ksystemlog

KDE SystemLog Application

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksystemlog

System log viewer

Package maintainers

@FRidh Frederik Rietdijk <fridh@fridh.nl>
@K900 Ilya K. <me@0upti.me>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@bkchr Bastian Köcher <nixos@kchr.de>

Permalink CVE-2026-31954

0.0 NONE

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Emlog asynchronous media file deletion missing CSRF protection

Emlog is an open source website building system. In 2.6.6 and earlier, the delete_async action (asynchronous delete) lacks a call to LoginAuth::checkToken(), enabling CSRF attacks.

References

https://github.com/emlog/emlog/security/advisories/GHSA-xc26-93qj-rcrw x_refsource_CONFIRM

Affected products

emlog

==<= 2.6.6

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

System log viewer

pkgs.kdePackages.ksystemlog

KDE SystemLog Application

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksystemlog

System log viewer

Package maintainers

@FRidh Frederik Rietdijk <fridh@fridh.nl>
@K900 Ilya K. <me@0upti.me>
@peterhoeg Peter Hoeg <peter@hoeg.com>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@NickCao Nick Cao <nickcao@nichi.co>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@bkchr Bastian Köcher <nixos@kchr.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

pkgs.kdePackages.ksystemlog

pkgs.plasma5Packages.ksystemlog

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

pkgs.kdePackages.ksystemlog

pkgs.plasma5Packages.ksystemlog

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

pkgs.kdePackages.ksystemlog

pkgs.plasma5Packages.ksystemlog

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

pkgs.kdePackages.ksystemlog

pkgs.plasma5Packages.ksystemlog

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libsForQt5.ksystemlog

pkgs.kdePackages.ksystemlog

pkgs.plasma5Packages.ksystemlog

Package maintainers