Nixpkgs security tracker

Permalink CVE-2026-1061

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 months ago

xiweicheng TMS FileController.java upload unrestricted upload

A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used.

References

VDB-341629 | xiweicheng TMS FileController.java upload unrestricted upload vdb-entrytechnical-description
VDB-341629 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #731240 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Unrestricted Upload third-party-advisory
https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8… exploit

Affected products

TMS

==2.26
==2.27
==2.8
==2.16
==2.1
==2.7
==2.9
==2.21
==2.15
==2.13
==2.12
==2.11
==2.3
==2.0
==2.2
==2.10
==2.4
==2.23
==2.17
==2.6
==2.18
==2.19
==2.14
==2.20
==2.25
==2.22
==2.24
==2.5
==2.28.0

Matching in nixpkgs

pkgs.tmsu

Tool for tagging your files using a virtual filesystem

nixos-unstable 0.7.5-unstable-2024-06-08
- nixpkgs-unstable 0.7.5-unstable-2024-06-08
- nixos-unstable-small 0.7.5-unstable-2024-06-08
nixos-25.11 0.7.5-unstable-2024-06-08
- nixpkgs-25.11-darwin 0.7.5-unstable-2024-06-08

pkgs.commitmsgfmt

Formats commit messages better than fmt(1) and Vim

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.7.0
- nixpkgs-25.11-darwin 1.7.0

Package maintainers

@mmlb Manuel Mendez <i@m.mmlb.dev>
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@pSub Pascal Wittmann <mail@pascal-wittmann.de>

Permalink CVE-2026-1062

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 months ago

xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used.

References

VDB-341630 | xiweicheng TMS HtmlUtil.java summary server-side request forgery vdb-entrytechnical-description
VDB-341630 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #731241 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery third-party-advisory
Submit #731242 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Server-Side Request Forgery (Duplicate) third-party-advisory
https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8… related
https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8… exploit

Affected products

TMS

==2.26
==2.27
==2.8
==2.16
==2.1
==2.7
==2.9
==2.21
==2.15
==2.13
==2.12
==2.11
==2.3
==2.0
==2.2
==2.10
==2.4
==2.23
==2.17
==2.6
==2.18
==2.19
==2.14
==2.20
==2.25
==2.22
==2.24
==2.5
==2.28.0

Matching in nixpkgs

pkgs.tmsu

Tool for tagging your files using a virtual filesystem

nixos-unstable 0.7.5-unstable-2024-06-08
- nixpkgs-unstable 0.7.5-unstable-2024-06-08
- nixos-unstable-small 0.7.5-unstable-2024-06-08
nixos-25.11 0.7.5-unstable-2024-06-08
- nixpkgs-25.11-darwin 0.7.5-unstable-2024-06-08

pkgs.commitmsgfmt

Formats commit messages better than fmt(1) and Vim

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.7.0
- nixpkgs-25.11-darwin 1.7.0

Package maintainers

@mmlb Manuel Mendez <i@m.mmlb.dev>
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@pSub Pascal Wittmann <mail@pascal-wittmann.de>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.tmsu

pkgs.commitmsgfmt

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.tmsu

pkgs.commitmsgfmt

Package maintainers