Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3969

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-350404 | FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection vdb-entrytechnical-description
VDB-350404 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #768977 | https://github.com/FeMiner/wms Enterprise Warehouse Management System V1.0 SQL Injection third-party-advisory
https://github.com/yuan384/cve/issues/3 issue-trackingexploit

Affected products

wms

==1.0

Matching in nixpkgs

pkgs.dockapps.wmsm-app

System monitor for Windowmaker

nixos-unstable 2023-10-11
- nixpkgs-unstable 2023-10-11
- nixos-unstable-small 2023-10-11
nixos-25.11 2023-10-11
- nixos-25.11-small 2023-10-11
- nixpkgs-25.11-darwin 2023-10-11

pkgs.dockapps.wmsystemtray

System tray for Windowmaker

nixos-unstable 1.4
- nixpkgs-unstable 1.4
- nixos-unstable-small 1.4
nixos-25.11 1.4
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.python312Packages.pywmspro

Python library for WMS WebControl pro API

nixos-25.11 0.3.2
- nixos-25.11-small 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.python313Packages.pywmspro

Python library for WMS WebControl pro API

nixos-unstable 0.3.3
- nixpkgs-unstable 0.3.3
- nixos-unstable-small 0.3.3
nixos-25.11 0.3.2
- nixos-25.11-small 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.python314Packages.pywmspro

Python library for WMS WebControl pro API

nixos-unstable 0.3.3
- nixpkgs-unstable 0.3.3
- nixos-unstable-small 0.3.3

pkgs.home-assistant-component-tests.wmspro

Open source home automation that puts local control and privacy first

nixos-25.11 2025.11.3
- nixos-25.11-small 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

pkgs.tests.home-assistant-component-tests.wmspro

Open source home automation that puts local control and privacy first

nixos-unstable 2026.2.3
- nixpkgs-unstable 2026.2.3
- nixos-unstable-small 2026.2.3

Package maintainers

@JamieMagee Jamie Magee <jamie.magee@gmail.com>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>

Untriaged

Permalink CVE-2026-1059

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 months ago

FeMiner wms chkuser.php sql injection

A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-341628 | FeMiner wms chkuser.php sql injection vdb-entrytechnical-description
VDB-341628 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #731236 | GitHub WMS (Warehouse Management System) V1.0 SQL Injection third-party-advisory
https://github.com/wangchaoxing/CVE/issues/1 exploitissue-tracking

Affected products

wms

==9cad1f1b179a98b9547fd003c23b07c7594775fa

Matching in nixpkgs

pkgs.dockapps.wmsm-app

System monitor for Windowmaker

nixos-25.11 2023-10-11
- nixpkgs-25.11-darwin 2023-10-11

pkgs.dockapps.wmsystemtray

System tray for Windowmaker

nixos-25.11 1.4
- nixpkgs-25.11-darwin 1.4

pkgs.python312Packages.pywmspro

Python library for WMS WebControl pro API

nixos-unstable -
- nixos-unstable-small 0.3.2
nixos-25.11 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.python313Packages.pywmspro

Python library for WMS WebControl pro API

nixos-unstable -
- nixos-unstable-small 0.3.2
nixos-25.11 0.3.2
- nixpkgs-25.11-darwin 0.3.2

pkgs.home-assistant-component-tests.wmspro

Open source home automation that puts local control and privacy first

nixos-unstable -
- nixos-unstable-small 2025.8.0
nixos-25.11 2025.11.3
- nixpkgs-25.11-darwin 2025.11.3

Package maintainers

@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@JamieMagee Jamie Magee <jamie.magee@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.dockapps.wmsm-app

pkgs.dockapps.wmsystemtray

pkgs.python312Packages.pywmspro

pkgs.python313Packages.pywmspro

pkgs.python314Packages.pywmspro

pkgs.home-assistant-component-tests.wmspro

pkgs.tests.home-assistant-component-tests.wmspro

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.dockapps.wmsm-app

pkgs.dockapps.wmsystemtray

pkgs.python312Packages.pywmspro

pkgs.python313Packages.pywmspro

pkgs.home-assistant-component-tests.wmspro

Package maintainers