Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2019-25572

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 2 months ago by @mweinelt Activity log

Created suggestion 2 months ago
@mweinelt dismissed (not in Nixpkgs) 2 months ago

NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

References

ExploitDB-46343 exploit
Official Product Homepage product
Product Reference product
VulnCheck Advisory: NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow third-party-advisory

Affected products

NordVPN

==6.19.6

Matching in nixpkgs

pkgs.gnomeExtensions.gnordvpn-local

A Gnome extension that shows the NordVPN status in the top bar and provides the ability to configure certain aspects of the connection.

nixos-unstable 31
- nixpkgs-unstable 31
- nixos-unstable-small 31
nixos-25.11 30
- nixos-25.11-small 30
- nixpkgs-25.11-darwin 30

pkgs.gnomeExtensions.nordvpn-quick-toggle

GNOME extension that shows a quick toggle to connect/disconnect NordVPN.

nixos-unstable 13
- nixpkgs-unstable 13
- nixos-unstable-small 13
nixos-25.11 13
- nixos-25.11-small 13
- nixpkgs-25.11-darwin 13

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Dismissed

(exclusively hosted service)

Permalink CVE-2026-26138

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

References

Microsoft Purview Elevation of Privilege Vulnerability patchvendor-advisory

Affected products

Microsoft Purview

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-26120

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Microsoft Bing Tampering Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.

References

Microsoft Bing Tampering Vulnerability patchvendor-advisory

Affected products

Microsoft Bing

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-23658

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

References

Azure DevOps: msazure Elevation of Privilege Vulnerability patchvendor-advisory

Affected products

Azure DevOps: msazure

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-26139

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Microsoft Purview Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

References

Microsoft Purview Elevation of Privilege Vulnerability patchvendor-advisory

Affected products

Microsoft Purview

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-26136

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Microsoft Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

References

Microsoft Copilot Information Disclosure Vulnerability patchvendor-advisory

Affected products

Microsoft Copilot

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-24299

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

References

M365 Copilot Information Disclosure Vulnerability patchvendor-advisory

Affected products

Microsoft 365 Copilot

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-26137

8.9 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): Low (L)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): Low (L)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

References

Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability patchvendor-advisory

Affected products

Microsoft 365 Copilot's Business Chat

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-23659

8.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Azure Data Factory Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

References

Azure Data Factory Information Disclosure Vulnerability patchvendor-advisory

Affected products

Azure Data Factory

==-

Dismissed

(exclusively hosted service)

Permalink CVE-2026-32169

10.0 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Exploit Code Maturity (E): Unproven (U)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

References

Azure Cloud Shell Elevation of Privilege Vulnerability patchvendor-advisory

Affected products

Azure Cloud Shell

==-

Dismissed suggestions

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.gnordvpn-local

pkgs.gnomeExtensions.nordvpn-quick-toggle

Package maintainers

References

Affected products

References

Affected products

References

Affected products

References

Affected products

References

Affected products

References

Affected products

References

Affected products

References

Affected products

References

Affected products