Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: lomiri.lomiri-download-manager

Found 4 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-39676
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 month, 2 weeks ago
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.

Affected products

download-manager
  • =<3.3.52

Matching in nixpkgs

Package maintainers

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-39615
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse dismissed (not in Nixpkgs) 1 month, 2 weeks ago
WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.

Affected products

download-manager
  • =<3.3.53

Matching in nixpkgs

Package maintainers

Dismissed
Permalink CVE-2025-60093
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 5 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 6 months ago
  • @LeSuisse dismissed 5 months, 3 weeks ago
WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager
  • =<3.3.24

Matching in nixpkgs

Package maintainers

Dismissed
Permalink CVE-2025-60092
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 5 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 6 months ago
  • @LeSuisse dismissed 5 months, 3 weeks ago
WordPress Download Manager Plugin <= 3.3.24 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24.

Affected products

download-manager
  • =<3.3.24

Matching in nixpkgs

Package maintainers