Suggestions search

Untriaged

Filter by:

With package: typstPackages.metropolis-polylux

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-33506

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 3 weeks, 2 days ago

DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter (`callbackUrl`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user (or an unauthenticated user that later logs in), performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 26.2.0 contains a patch for the issue.

References

https://github.com/ory/polis/security/advisories/GHSA-3wjr-6gw8-9j22 x_refsource_CONFIRM
https://github.com/ory/polis/releases/tag/v26.2.0 x_refsource_MISC

Affected products

polis

==< 26.2.0

Matching in nixpkgs

pkgs.persepolis

Download manager GUI written in Python

nixos-unstable 5.2.0
- nixpkgs-unstable 5.2.0
- nixos-unstable-small 5.2.0
nixos-25.11 5.2.0
- nixos-25.11-small 5.2.0
- nixpkgs-25.11-darwin 5.2.0

pkgs.typstPackages.metropolis-polylux

Metropolis style template for Polylux

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.haskellPackages.mighty-metropolis

The Metropolis algorithm

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.typstPackages.modern-innopolis-thesis

Thesis template for Innopolis University

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.typstPackages.metropolis-polylux_0_1_0

Metropolis style template for Polylux

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.typstPackages.modern-innopolis-thesis_0_1_0

Thesis template for Innopolis University

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.typstPackages.modern-innopolis-thesis_0_1_1

Thesis template for Innopolis University

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

Package maintainers

@iFreilicht Felix Uhl <nixpkgs@mail.felix-uhl.de>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth

Permalink CVE-2026-27383

created 1 month, 1 week ago

WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13.

References

https://patchstack.com/database/Wordpress/Theme/metro/vulnerability/wordpress-m… vdb-entry

Affected products

metro

=<<= 2.13

Matching in nixpkgs

pkgs.metronome

Keep the tempo

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.3.0
- nixos-25.11-small 1.3.0
- nixpkgs-25.11-darwin 1.3.0

pkgs.gmetronome

Free software metronome and tempo measurement tool

nixos-unstable 0.4.2
- nixpkgs-unstable 0.4.2
- nixos-unstable-small 0.4.2
nixos-25.11 0.4.2
- nixos-25.11-small 0.4.2
- nixpkgs-25.11-darwin 0.4.2

pkgs.kmetronome

ALSA MIDI metronome with Qt interface

nixos-unstable 1.4.1
- nixpkgs-unstable 1.4.1
- nixos-unstable-small 1.4.1
nixos-25.11 1.4.1
- nixos-25.11-small 1.4.1
- nixpkgs-25.11-darwin 1.4.1

pkgs.typstPackages.metro

Typset units and numbers with options

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.haskellPackages.metro

A simple tcp and udp socket server framework

pkgs.typstPackages.metronic

A clean, colorful, and modern CV template

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.typstPackages.metro_0_1_0

Typset units and numbers with options

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.typstPackages.metro_0_1_1

Typset units and numbers with options

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.typstPackages.metro_0_2_0

Typset units and numbers with options

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.typstPackages.metro_0_3_0

Typset units and numbers with options

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixos-25.11-small 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.typstPackages.metropolyst

Configurable Metropolis presentation theme for Touying

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.haskellPackages.metro-socket

Socket transport for metro

pkgs.typstPackages.metronic_1_0_0

A clean, colorful, and modern CV template

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.typstPackages.metronic_1_1_0

A clean, colorful, and modern CV template

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.typstPackages.metropolyst_0_1_0

Configurable Metropolis presentation theme for Touying

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.typstPackages.metropolis-polylux

Metropolis style template for Polylux

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.haskellPackages.mighty-metropolis

The Metropolis algorithm

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.haskellPackages.metro-transport-websockets

Websockets transport for metro

Package maintainers

@Aleksanaa Aleksana QwQ <me@aleksana.moe>
@orivej Orivej Desh <orivej@gmx.fr>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth

Permalink CVE-2026-27382

created 1 month, 1 week ago

WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.