Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-32865

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month ago Activity log

Created suggestion 1 month ago

OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

References

url
url

Affected products

eCASE

==10.1.0.0
<10.1.0.0

eComplaint

==10.1.0.0
<10.1.0.0

Matching in nixpkgs

pkgs.haskellPackages.titlecase

Convert English Words to Title Case

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.python312Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-25.11 2.4
- nixos-25.11-small 2.4
- nixpkgs-25.11-darwin 2.4

pkgs.python313Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-unstable 2.4.1
- nixpkgs-unstable 2.4.1
- nixos-unstable-small 2.4.1
nixos-25.11 2.4
- nixos-25.11-small 2.4
- nixpkgs-25.11-darwin 2.4

pkgs.python314Packages.titlecase

Python library to capitalize strings as specified by the New York Times

nixos-unstable 2.4.1
- nixpkgs-unstable 2.4.1
- nixos-unstable-small 2.4.1

Package maintainers

@peti Peter Simons <simons@cryp.to>