CVE-2025-62399 7.5 HIGH CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): NONE Availability impact (A): HIGH created 2 weeks, 2 days ago Moodle: password brute force risk when mobile/web services enabled Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. Affected products moodle <4.5.7 <4.1.21 <4.4.11 <5.0.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62401 5.4 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): LOW Availability impact (A): LOW created 2 weeks, 2 days ago Moodle: possible to bypass timer in timed assignments An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. Affected products moodle <4.5.7 <4.1.21 <4.4.11 <5.0.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62397 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 2 days ago Moodle: router produces json instead of 404 error for invalid course id The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. Affected products moodle <5.0.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62398 5.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 2 days ago Moodle: possible to bypass mfa A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Affected products moodle <4.5.7 <4.4.11 <5.0.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62400 4.3 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 2 days ago Moodle: hidden group names visible to event creators Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information. Affected products moodle <4.5.7 <4.1.21 <4.4.11 <5.0.3 Matching in nixpkgs pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1 pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13 Package maintainers: 2 @freezeboy freezeboy @kmein Kierán Meinhardt <kmein@posteo.de>
pkgs.moodle Free and open-source learning management system (LMS) written in PHP nixos-25.05 ??? nixos-25.05-small 5.0 nixos-unstable 4.4.3 nixos-unstable-small 5.0.1 nixpkgs-unstable 5.0.1
pkgs.moodle-dl Moodle downloader that downloads course content fast from Moodle nixos-25.05 ??? nixos-25.05-small 2.3.13 nixos-unstable 2.3.12 nixos-unstable-small 2.3.13 nixpkgs-unstable 2.3.13
CVE-2025-62068 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): LOW User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW created 2 weeks, 2 days ago WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09. Affected products e2pdf =<<= 1.28.09 Matching in nixpkgs pkgs.haskellPackages.line2pdf Simple command-line utility to convert text into PDF nixos-25.05 ??? nixos-25.05-small 0.0.7 nixos-unstable 0.0.7 nixos-unstable-small 0.0.7 nixpkgs-unstable 0.0.7 pkgs.haskellPackages.line2pdf.x86_64-linux Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7 pkgs.haskellPackages.line2pdf.aarch64-linux Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7 pkgs.haskellPackages.line2pdf.x86_64-darwin Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7 pkgs.haskellPackages.line2pdf.aarch64-darwin Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7
pkgs.haskellPackages.line2pdf Simple command-line utility to convert text into PDF nixos-25.05 ??? nixos-25.05-small 0.0.7 nixos-unstable 0.0.7 nixos-unstable-small 0.0.7 nixpkgs-unstable 0.0.7
pkgs.haskellPackages.line2pdf.x86_64-linux Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7
pkgs.haskellPackages.line2pdf.aarch64-linux Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7
pkgs.haskellPackages.line2pdf.x86_64-darwin Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7
pkgs.haskellPackages.line2pdf.aarch64-darwin Simple command-line utility to convert text into PDF nixos-unstable ??? nixpkgs-unstable 0.0.7
CVE-2025-11683 6.5 MEDIUM CVSS version: 3.1 Attack vector (AV): ADJACENT_NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 2 days ago YAML::Syck versions before 1.36 for Perl has missing Null-Terminators which causes Out-of-Bounds Read and potential Information Disclosure YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module. Affected products YAML-Syck <1.36 Matching in nixpkgs pkgs.perlPackages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34 pkgs.perl538Packages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-25.05 ??? nixos-25.05-small 1.34 nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34 pkgs.perl540Packages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-25.05 ??? nixos-25.05-small 1.34 nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34 pkgs.perl540Packages.YAMLSyck.x86_64-linux Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34 pkgs.perl540Packages.YAMLSyck.aarch64-linux Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34 pkgs.perl540Packages.YAMLSyck.x86_64-darwin Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34 pkgs.perl540Packages.YAMLSyck.aarch64-darwin Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34
pkgs.perlPackages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34
pkgs.perl538Packages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-25.05 ??? nixos-25.05-small 1.34 nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck Fast, lightweight YAML loader and dumper nixos-25.05 ??? nixos-25.05-small 1.34 nixos-unstable 1.34 nixos-unstable-small 1.34 nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck.x86_64-linux Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck.aarch64-linux Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck.x86_64-darwin Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34
pkgs.perl540Packages.YAMLSyck.aarch64-darwin Fast, lightweight YAML loader and dumper nixos-unstable ??? nixpkgs-unstable 1.34
CVE-2025-11568 4.4 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): LOW Privileges required (PR): HIGH User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): NONE Integrity impact (I): HIGH Availability impact (A): NONE created 2 weeks, 2 days ago Luksmeta: data corruption when handling luks1 partitions with luksmeta A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue. Affected products rhcos luksmeta * Matching in nixpkgs pkgs.luksmeta Simple library for storing metadata in the LUKSv1 header nixos-25.05 ??? nixos-25.05-small 9 nixos-unstable 9 nixos-unstable-small 9 nixpkgs-unstable 9 Package maintainers: 1 @fpletz Franz Pletz <fpletz@fnordicwalking.de>
pkgs.luksmeta Simple library for storing metadata in the LUKSv1 header nixos-25.05 ??? nixos-25.05-small 9 nixos-unstable 9 nixos-unstable-small 9 nixpkgs-unstable 9
CVE-2024-0914 5.9 MEDIUM CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): HIGH Integrity impact (I): NONE Availability impact (A): NONE created 2 weeks, 2 days ago Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin) A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. Affected products openCryptoki opencryptoki * <3.23.0 Matching in nixpkgs pkgs.opencryptoki PKCS#11 implementation for Linux nixos-25.05 ??? nixos-25.05-small 3.23.0 nixos-unstable 3.25.0 nixos-unstable-small 3.24.0 nixpkgs-unstable 3.25.0
pkgs.opencryptoki PKCS#11 implementation for Linux nixos-25.05 ??? nixos-25.05-small 3.23.0 nixos-unstable 3.25.0 nixos-unstable-small 3.24.0 nixpkgs-unstable 3.25.0
CVE-2025-10284 9.6 CRITICAL CVSS version: 3.1 Attack vector (AV): NETWORK Attack complexity (AC): LOW Privileges required (PR): NONE User interaction (UI): REQUIRED Scope (S): CHANGED Confidentiality impact (C): HIGH Integrity impact (I): HIGH Availability impact (A): HIGH created 2 weeks, 2 days ago Improper Archive Extraction in unarchive Enables RCE BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution. Affected products bbot =<2.6.1 Matching in nixpkgs pkgs.hebbot Matrix bot which can generate "This Week in X" like blog posts nixos-25.05 ??? nixos-25.05-small 2.1-unstable-2024-09-20 nixos-unstable 2.1-unstable-2024-09-20 nixos-unstable-small 2.1-unstable-2024-09-20 nixpkgs-unstable 2.1-unstable-2024-09-20 Package maintainers: 1 @a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
pkgs.hebbot Matrix bot which can generate "This Week in X" like blog posts nixos-25.05 ??? nixos-25.05-small 2.1-unstable-2024-09-20 nixos-unstable 2.1-unstable-2024-09-20 nixos-unstable-small 2.1-unstable-2024-09-20 nixpkgs-unstable 2.1-unstable-2024-09-20