Nixpkgs security tracker

Untriaged

Permalink CVE-2026-22514

created 3 weeks, 3 days ago

WordPress Unica theme <= 1.4.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Unica unica allows PHP Local File Inclusion.This issue affects Unica: from n/a through <= 1.4.1.

References

https://patchstack.com/database/Wordpress/Theme/unica/vulnerability/wordpress-u… vdb-entry

Affected products

unica

=<<= 1.4.1

Matching in nixpkgs

pkgs.unicap

Universal video capture API

pkgs.libsForQt5.communicator

Contacts and dialer application

pkgs.plasma5Packages.communicator

Contacts and dialer application

pkgs.octavePackages.communications

Digital Communications, Error Correcting Codes (Channel Code), Source Code functions, Modulation and Galois Fields

nixos-unstable 11.1.0-communications-1.2.7
- nixpkgs-unstable 11.1.0-communications-1.2.7
- nixos-unstable-small 11.1.0-communications-1.2.7
nixos-25.11 10.3.0-communications-1.2.7
- nixos-25.11-small 10.3.0-communications-1.2.7
- nixpkgs-25.11-darwin 10.3.0-communications-1.2.7

pkgs.gnomeExtensions.server-communicator

Send API requests to servers or mount them at a click of a button. Copies and shows response in a dialog.

nixos-unstable 6
- nixpkgs-unstable 6
- nixos-unstable-small 6
nixos-25.11 6
- nixos-25.11-small 6
- nixpkgs-25.11-darwin 6

pkgs.haskellPackages.belgian-structured-communication

parsing, rendering and manipulating the structured communication of Belgian financial transactions

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.2.0.0
- nixos-25.11-small 0.2.0.0
- nixpkgs-25.11-darwin 0.2.0.0

Package maintainers

@onny Jonas Heinrich <onny@project-insanity.org>
@ravenjoad Raven Hallsby <raven@hallsby.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@honnip Jung seungwoo <me@honnip.page>

Untriaged

Permalink CVE-2025-62319

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month ago

Boolean-Based SQL Injection in Multiple Unica Components

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Affected products

Unica

==Version 25.1.1 and below

Matching in nixpkgs

pkgs.unicap

Universal video capture API

pkgs.libsForQt5.communicator

Contacts and dialer application

pkgs.plasma5Packages.communicator

Contacts and dialer application

pkgs.octavePackages.communications

Digital Communications, Error Correcting Codes (Channel Code), Source Code functions, Modulation and Galois Fields

nixos-unstable 11.1.0-communications-1.2.7
- nixpkgs-unstable 11.1.0-communications-1.2.7
- nixos-unstable-small 11.1.0-communications-1.2.7
nixos-25.11 10.3.0-communications-1.2.7
- nixos-25.11-small 10.3.0-communications-1.2.7
- nixpkgs-25.11-darwin 10.3.0-communications-1.2.7

pkgs.gnomeExtensions.server-communicator

Send API requests to servers or mount them at a click of a button. Copies and shows response in a dialog.

nixos-unstable 6
- nixpkgs-unstable 6
- nixos-unstable-small 6
nixos-25.11 6
- nixos-25.11-small 6
- nixpkgs-25.11-darwin 6

pkgs.haskellPackages.belgian-structured-communication

parsing, rendering and manipulating the structured communication of Belgian financial transactions

nixos-unstable 0.2.0.0
- nixpkgs-unstable 0.2.0.0
- nixos-unstable-small 0.2.0.0
nixos-25.11 0.2.0.0
- nixos-25.11-small 0.2.0.0
- nixpkgs-25.11-darwin 0.2.0.0

Package maintainers

@onny Jonas Heinrich <onny@project-insanity.org>
@ravenjoad Raven Hallsby <raven@hallsby.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@honnip Jung seungwoo <me@honnip.page>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.unicap

pkgs.libsForQt5.communicator

pkgs.plasma5Packages.communicator

pkgs.octavePackages.communications

pkgs.gnomeExtensions.server-communicator

pkgs.haskellPackages.belgian-structured-communication

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.unicap

pkgs.libsForQt5.communicator

pkgs.plasma5Packages.communicator

pkgs.octavePackages.communications

pkgs.gnomeExtensions.server-communicator

pkgs.haskellPackages.belgian-structured-communication

Package maintainers