⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2024-4028
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 7 months, 1 week ago
Keycloak-core: stored xss in keycloak when creating a items in admin console

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

keycloak
<18.0.8
keycloak-core
rh-sso7-keycloak

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API
Package maintainers: 3
CVE-2025-2157
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 7 months, 1 week ago
Foreman: disclosure of executed commands and outputs in foreman / red hat satellite

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

foreman
==6.17
==6.16

pkgs.foreman

Process manager for applications with multiple components
Package maintainers: 1
CVE-2023-20579
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 1 week ago
Improper Access Control in the AMD SPI protection feature may …

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

PI
==Various
==various
==various

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID

PID control loop

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spoofdpi.x86_64-linux

Simple and fast anti-censorship tool written in Go

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

pkgs.spoofdpi.aarch64-linux

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.x86_64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.spoofdpi.aarch64-darwin

Simple and fast anti-censorship tool written in Go

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

pkgs.perl538Packages.ProcPIDFile

Manage process id files

pkgs.perl540Packages.ProcPIDFile

Manage process id files

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPI.x86_64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.aarch64-linux

Parse, Analyze and Manipulate Perl (without perl)

pkgs.perl540Packages.PPI.x86_64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.haskellPackages.hsPID.x86_64-linux

PID control loop

pkgs.perl540Packages.PPI.aarch64-darwin

Parse, Analyze and Manipulate Perl (without perl)

pkgs.spirv-llvm-translator.x86_64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-linux

PID control loop

pkgs.haskellPackages.hsPID.x86_64-darwin

PID control loop

pkgs.spirv-llvm-translator.aarch64-linux

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.spirv-llvm-translator.x86_64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.haskellPackages.hsPID.aarch64-darwin

PID control loop

pkgs.perl540Packages.PDFAPI2.x86_64-linux

Create, modify, and examine PDF files

pkgs.spirv-llvm-translator.aarch64-darwin

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

pkgs.perl540Packages.PDFAPI2.aarch64-linux

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.x86_64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PDFAPI2.aarch64-darwin

Create, modify, and examine PDF files

pkgs.perl540Packages.PPIxUtils.x86_64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxRegexp.x86_64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-linux

Utility functions for PPI

pkgs.perl540Packages.PPIxUtils.x86_64-darwin

Utility functions for PPI

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.PPIxRegexp.aarch64-linux

Parse regular expressions

pkgs.perl540Packages.PPIxRegexp.x86_64-darwin

Parse regular expressions

pkgs.perl540Packages.PPIxUtils.aarch64-darwin

Utility functions for PPI

pkgs.perl540Packages.ProcPIDFile.x86_64-linux

Manage process id files

pkgs.perl540Packages.PPIxRegexp.aarch64-darwin

Parse regular expressions

pkgs.perl540Packages.ProcPIDFile.aarch64-linux

Manage process id files

pkgs.perl540Packages.ProcPIDFile.x86_64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.x86_64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.x86_64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.x86_64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.x86_64-linux

Extensions to PPI|PPI

pkgs.perl540Packages.ProcPIDFile.aarch64-darwin

Manage process id files

pkgs.perl540Packages.WWWTwilioAPI.aarch64-linux

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.WWWTwilioAPI.x86_64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-linux

Client for talking to an Open API powered server

pkgs.perl540Packages.OpenAPIClient.x86_64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-linux

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxQuoteLike.x86_64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-linux

Extensions to PPI|PPI

pkgs.perl540Packages.PPIxUtilities.x86_64-darwin

Extensions to PPI|PPI

pkgs.perl540Packages.WWWTwilioAPI.aarch64-darwin

Accessing Twilio's REST API with Perl

pkgs.perl540Packages.OpenAPIClient.aarch64-darwin

Client for talking to an Open API powered server

pkgs.perl540Packages.PPIxQuoteLike.aarch64-darwin

Parse Perl string literals and string-literal-like things

pkgs.perl540Packages.PPIxUtilities.aarch64-darwin

Extensions to PPI|PPI

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-linux

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.x86_64-darwin

OpenAPI / Swagger plugin for Mojolicious

pkgs.perl540Packages.MojoliciousPluginOpenAPI.aarch64-darwin

OpenAPI / Swagger plugin for Mojolicious
Package maintainers: 5
CVE-2023-6787
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 7 months, 1 week ago
Keycloak: session hijacking via re-authentication

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

keycloak
<24.0.3
<22.0.10
keycloak-core
rh-sso7-keycloak
rhbk/keycloak-rhel9
*
rhbk/keycloak-rhel9-operator
*
rhbk/keycloak-operator-bundle
*

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API
Package maintainers: 3
CVE-2024-8176
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 1 week ago
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

expat
*
rhcos
firefox
libexpat
<2.7.0
xmlrpc-c
*
lua-expat
mingw-expat
thunderbird
compat-expat1
firefox:flatpak/firefox
thunderbird:flatpak/thunderbird
registry.redhat.io/discovery/discovery-ui-rhel9
*
registry.redhat.io/discovery/discovery-server-rhel9
*
registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9
*

pkgs.expat

Stream-oriented XML parser library written in C

pkgs.xmlrpc_c

Lightweight RPC library based on XML and HTTP

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

pkgs.haskellPackages.hexpat

XML parser/formatter based on expat

pkgs.lua52Packages.luaexpat

XML Expat parsing

pkgs.haskellPackages.hxt-expat

Expat parser for HXT

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

pkgs.haskellPackages.hexpat-pickle

XML picklers based on hexpat, source-code-similar to those of the HXT package

pkgs.haskellPackages.hexpat-tagsoup

Parse (possibly malformed) HTML to hexpat tree

pkgs.gnomeExtensions.firefox-profiles

This GNOME extension makes it easy to launch Firefox with a specific profile from the indicator menu.
  • nixos-unstable 1
    • nixos-unstable-small 2
    • nixpkgs-unstable 1

pkgs.luaPackages.luaexpat.x86_64-linux

XML Expat parsing

pkgs.luaPackages.luaexpat.aarch64-linux

XML Expat parsing

pkgs.luaPackages.luaexpat.x86_64-darwin

XML Expat parsing

pkgs.chickenPackages_5.chickenEggs.expat

An interface to James Clark's Expat XML parser

pkgs.haskellPackages.hexpat.x86_64-linux

XML parser/formatter based on expat

pkgs.lua51Packages.luaexpat.x86_64-linux

XML Expat parsing

pkgs.lua53Packages.luaexpat.x86_64-linux

XML Expat parsing

pkgs.lua54Packages.luaexpat.x86_64-linux

XML Expat parsing

pkgs.luaPackages.luaexpat.aarch64-darwin

XML Expat parsing

pkgs.haskellPackages.hexpat.aarch64-linux

XML parser/formatter based on expat

pkgs.haskellPackages.hexpat.x86_64-darwin

XML parser/formatter based on expat

pkgs.lua51Packages.luaexpat.aarch64-linux

XML Expat parsing

pkgs.lua51Packages.luaexpat.x86_64-darwin

XML Expat parsing

pkgs.lua53Packages.luaexpat.aarch64-linux

XML Expat parsing

pkgs.lua53Packages.luaexpat.x86_64-darwin

XML Expat parsing

pkgs.lua54Packages.luaexpat.aarch64-linux

XML Expat parsing

pkgs.lua54Packages.luaexpat.x86_64-darwin

XML Expat parsing

pkgs.emacsPackages.firefox-javascript-repl

pkgs.haskellPackages.hexpat.aarch64-darwin

XML parser/formatter based on expat

pkgs.lua51Packages.luaexpat.aarch64-darwin

XML Expat parsing

pkgs.lua53Packages.luaexpat.aarch64-darwin

XML Expat parsing

pkgs.lua54Packages.luaexpat.aarch64-darwin

XML Expat parsing

pkgs.haskellPackages.hxt-expat.x86_64-linux

Expat parser for HXT

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

pkgs.haskellPackages.hxt-expat.aarch64-linux

Expat parser for HXT

pkgs.haskellPackages.hxt-expat.x86_64-darwin

Expat parser for HXT

pkgs.haskellPackages.hxt-expat.aarch64-darwin

Expat parser for HXT

pkgs.gnomeExtensions.firefox-pip-always-on-top

Ensure that Firefox Picture-in-Picture window are always on top
  • nixos-unstable 8
    • nixos-unstable-small 8
    • nixpkgs-unstable 8

pkgs.haskellPackages.hexpat-pickle.x86_64-linux

XML picklers based on hexpat, source-code-similar to those of the HXT package

pkgs.haskellPackages.hexpat-pickle.aarch64-linux

XML picklers based on hexpat, source-code-similar to those of the HXT package

pkgs.haskellPackages.hexpat-pickle.x86_64-darwin

XML picklers based on hexpat, source-code-similar to those of the HXT package

pkgs.haskellPackages.hexpat-tagsoup.x86_64-linux

Parse (possibly malformed) HTML to hexpat tree

pkgs.haskellPackages.hexpat-pickle.aarch64-darwin

XML picklers based on hexpat, source-code-similar to those of the HXT package

pkgs.haskellPackages.hexpat-tagsoup.aarch64-linux

Parse (possibly malformed) HTML to hexpat tree

pkgs.haskellPackages.hexpat-tagsoup.x86_64-darwin

Parse (possibly malformed) HTML to hexpat tree

pkgs.haskellPackages.hexpat-tagsoup.aarch64-darwin

Parse (possibly malformed) HTML to hexpat tree

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug.x86_64-linux

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug.aarch64-linux

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug.x86_64-darwin

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug.aarch64-darwin

Visual Studio Code extension for debugging web applications and browser extensions in Firefox
Package maintainers: 17
CVE-2022-28652
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 7 months, 1 week ago
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

apport
<2.21.0

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum
Package maintainers: 1
CVE-2025-0650
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 7 months, 1 week ago
Ovn: egress acls may be bypassed via specially crafted udp packet

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

ovn
==24.09.2
==22.03.8
==24.03.5
ovn2.11
ovn2.12
ovn2.13
ovn-2021
ovn22.03
*
ovn22.06
*
ovn22.09
*
ovn22.12
*
ovn23.03
*
ovn23.06
*
ovn23.09
*
ovn24.03
*
ovn24.09
*

pkgs.novnc

VNC client web application

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

pkgs.nanovna-saver

A tool for reading, displaying and saving data from the NanoVNA

pkgs.python311Packages.slovnet

Deep-learning based NLP modeling for Russian language
Package maintainers: 6
CVE-2024-2313
2.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 7 months, 1 week ago
If kernel headers need to be extracted, bpftrace will attempt …

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

bpftrace
<v0.20.2

pkgs.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_6_1.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxPackages_zen.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_libre.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_5_10.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace.x86_64-linux

High-level tracing language for Linux eBPF

pkgs.linuxKernel.packages.linux_latest_libre.bpftrace.aarch64-linux

High-level tracing language for Linux eBPF
Package maintainers: 4
CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 7 months, 1 week ago
Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

moodle
<4.3.6
<4.1.12
<4.4.2
<4.2.9

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle
Package maintainers: 2
CVE-2023-26020
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 7 months, 1 week ago
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

Studio
=<3.1.26
=<4.0.1

pkgs.rstudio.x86_64-linux

Set of integrated tools for the R language

pkgs.rstudio-server.x86_64-linux

Set of integrated tools for the R language

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-linux

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.x86_64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.vscodeintellicode.aarch64-darwin

AI-assisted development

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-linux

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.x86_64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor

pkgs.vscode-extensions.visualstudioexptteam.intellicode-api-usage-examples.aarch64-darwin

See relevant code examples from GitHub for over 100K different APIs right in your editor
Package maintainers: 3