Nixpkgs security tracker

Permalink CVE-2026-32499

created 3 weeks, 2 days ago

WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9.

References

https://patchstack.com/database/Wordpress/Plugin/chatbot/vulnerability/wordpres… vdb-entry

Affected products

chatbot

=<<= 7.7.9

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that provides a chatbot interface using various LLM providers, including Anthropic, OpenAI, Gemini, and OpenRouter. Features include multiple provider support, customizable models, chat history, customizable appearance, a keyboard shortcut, and copy-to-clipboard functionality.

nixos-unstable 25
- nixpkgs-unstable 25
- nixos-unstable-small 25
nixos-25.11 22
- nixos-25.11-small 22
- nixpkgs-25.11-darwin 22

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2025-64277

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 4 months, 2 weeks ago

WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.

References

Affected products

chatbot

=<<= 7.3.9

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

nixos-unstable 22
- nixpkgs-unstable 22
- nixos-unstable-small 22

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2025-62952

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 4 months, 2 weeks ago

WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0.

References

Affected products

chatbot

=<<= 7.3.0

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

nixos-unstable 22
- nixpkgs-unstable 22
- nixos-unstable-small 22

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2025-53200

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 9 months, 3 weeks ago

WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.

References

https://patchstack.com/database/wordpress/plugin/chatbot/vulnerability/wordpres… vdb-entry

Affected products

chatbot

=<6.7.3

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

nixos-unstable 22
- nixpkgs-unstable 22
- nixos-unstable-small 22

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2024-22309

8.7 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 10 months, 3 weeks ago

WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.

References

https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plug… x_transferredvdb-entry

Affected products

chatbot

=<5.1.0

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

nixos-unstable 11
- nixpkgs-unstable 11
- nixos-unstable-small 11

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Permalink CVE-2025-26932

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 1 month ago

WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5.

References

https://patchstack.com/database/wordpress/plugin/chatbot/vulnerability/wordpres… vdb-entry

Affected products

chatbot

=<6.3.5

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

A GNOME Shell extension that uses openrouter.ai services - a platform/marketplace that offers APIs to talk to LLMs. Some of these APIs are free to use, including the one used by default in the extension: Llama 3.1 8B.

nixos-unstable 11
- nixpkgs-unstable 11
- nixos-unstable-small 11

Package maintainers

@honnip Jung seungwoo <me@honnip.page>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.gnomeExtensions.penguin-ai-chatbot

Package maintainers