CVE-2026-4370
Published 2026-04-01
Priority P276 | CVSS 3.1: 10 critical | Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.38% (29.9th percentile)
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.
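The two missing checks the description (and the GHSA advisory below) point at, modelled in Go as an added example that is not Juju's or Dqlite's code: a node endpoint that never requests a client certificate and a joiner that skips server verification, each beside its mutually authenticated counterpart. The throwaway cluster CA, the impostor CA, names such as node.example and the loopback handshake are this example's own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue signs a cert for cn with (parent, parentKey); parent == nil yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (tls.Certificate, *x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:      pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	leaf := must(x509.ParseCertificate(der))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, key
}

// Vulnerable shape (the advisory's two missing checks): the node never asks the joiner for a certificate.
func weakNode(node tls.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{node}, ClientAuth: tls.NoClientCert}
}

var weakJoiner = &tls.Config{InsecureSkipVerify: true} // and the joiner accepts whatever server it reaches

// Hardened shape: mutual TLS against the cluster CA, with the node's name pinned.
func hardenedNode(node tls.Certificate, ca *x509.CertPool) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{node}, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: ca} // joiner must prove membership
}
func hardenedJoiner(member tls.Certificate, ca *x509.CertPool, nodeName string) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{member}, MinVersion: tls.VersionTLS12,
		RootCAs: ca, ServerName: nodeName} // only the cluster CA may vouch for a node
}

// handshake does one TLS handshake over loopback TCP; a nil error means that side accepted its peer.
func handshake(nodeCfg, joinerCfg *tls.Config) (nodeErr, joinerErr error) {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		raw := must(ln.Accept())
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		done <- tls.Server(raw, nodeCfg).Handshake()
	}()
	conn, joinerErr := tls.Dial("tcp", ln.Addr().String(), joinerCfg)
	nodeErr = <-done // let the node finish before the joiner tears the socket down
	if joinerErr == nil {
		conn.Close()
	}
	return nodeErr, joinerErr
}

// Run builds a throwaway cluster CA and an impostor CA, then plays the join attempts from the advisory.
func Run() map[string]bool {
	_, caCert, caKey := issue("cluster-ca", nil, nil)
	_, rogueCert, rogueKey := issue("rogue-ca", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	node, _, _ := issue("node.example", caCert, caKey)
	member, _, _ := issue("member.example", caCert, caKey)
	impostor, _, _ := issue("node.example", rogueCert, rogueKey) // right name, wrong CA
	s1, _ := handshake(weakNode(node), weakJoiner)
	s2, _ := handshake(hardenedNode(node, pool), weakJoiner)
	s3, c3 := handshake(hardenedNode(node, pool), hardenedJoiner(member, pool, "node.example"))
	_, c4 := handshake(weakNode(impostor), weakJoiner)
	_, c5 := handshake(weakNode(impostor), hardenedJoiner(member, pool, "node.example"))
	return map[string]bool{ // true means "peer was accepted"
		"weak node accepts anonymous joiner":     s1 == nil,
		"hardened node accepts anonymous joiner": s2 == nil,
		"hardened node accepts cluster member":   s3 == nil && c3 == nil,
		"weak joiner accepts impostor node":      c4 == nil,
		"hardened joiner accepts impostor node":  c5 == nil,
	}
}

func main() { fmt.Println(Run()) }
```

The first and fourth results are the advisory's two findings reproduced; the second and fifth show that RequireAndVerifyClientCert on the node and a RootCAs pool with a pinned ServerName on the joiner are what close them.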
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | >= 3.2.0 < 3.6.20 | 3.6.20 |
| canonical | juju | >= 4.0 < 4.0.4 | 4.0.4 |
| canonical | juju | >= 4.0 < 4.0.5 | 4.0.5 |
| github.com | juju_juju | 0 – 0.0.0-20260401092550-1c1ac1922b57 | — |
GHSA
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
ghsa·2026-04-02
CVE-2026-4370 [CRITICAL] CWE-287 Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
### Impact
Any Juju controller since 3.2.0.

An attacker with only routability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, opening firewall ports, etc.

This is due to not checking the client certificate; additionally, the client does not check the server's certificate (MITM attack possible), so anything goes.

https://github.com/juju/juju/blob/001318f51ac456602aef20b123684f1eeeae9a77/internal/database/node.go#L312-L324
#### PoC
Using the tool referenced below.
Bootstrap a controller and show the users:
```
$ juju bootstrap lxd a
Creating Juju controller "a" on lxd/localhost
Looking for
```
OSV
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
osv·2026-04-02
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-23948 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-23948 [MEDIUM] CVE-2026-23948 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23948 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
Source : NVD
## 6.9
Score
Published February 9, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libwinpr-devel
libuwac0-0
Sources
NVD
AlmaLinux 9 Severi
Wiz
CVE-2026-2946 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-2946 [MEDIUM] CVE-2026-2946 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2946 :
NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 5.1
Score
Published February 22, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability
Wiz
CVE-2026-4705 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4705 [HIGH] CVE-2026-4705 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4705 :
NixOS vulnerability analysis and mitigation
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox_esr
MozillaFirefox-translations-common
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added a
Wiz
CVE-2025-69651 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-69651 [MEDIUM] CVE-2025-69651 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69651 :
NixOS vulnerability analysis and mitigation
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged
Wiz
CVE-2025-33212 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-33212 [HIGH] CVE-2025-33212 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33212 :
NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
Source : NVD
## 7.8
Score
Published December 16, 2025
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Jan 12, 2026
## Get a CV
Wiz
CVE-2025-69199 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2025-69199 [HIGH] CVE-2025-69199 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69199 :
NixOS vulnerability analysis and mitigation
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0
Wiz
CVE-2026-0891 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-0891 [HIGH] CVE-2026-0891 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0891 :
NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 8.1
Score
Published January 13, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFiref
Wiz
CVE-2026-24680 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-24680 [HIGH] CVE-2026-24680 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24680 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
Source : NVD
## 8.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-debugsource
freerdp-libs
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity HIGH Ha
Wiz
CVE-2025-68932 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.9
CVE-2025-68932 [LOW] CVE-2025-68932 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68932 :
NixOS vulnerability analysis and mitigation
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to account takeover through persistent session hijacking. The remember-me tokens provide permanent authentication and are the sole credential for "keep me logged in" functionality. This issue has been patched in version 1.28.0.
Source : NVD
## 2.9
Score
Published December 27, 2025
Severity LOW
CNA Score 2.9
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV
Wiz
CVE-2026-25121 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25121 [HIGH] CVE-2026-25121 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25121 :
NixOS vulnerability analysis and mitigation
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package (e.g., via a compromised or typosquatted repository) could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that the resulting path stays within the base directory. This issue has been patched in version 1.1.1.
Source : NVD
## 7.5
Score
Published February 4, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
AWS Systems Manage
Wiz
CVE-2026-2787 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2787 [CRITICAL] CVE-2026-2787 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2787 :
NixOS vulnerability analysis and mitigation
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox-esr
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICA
Wiz
CVE-2025-14929 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14929 [HIGH] CVE-2025-14929 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14929 :
NixOS vulnerability analysis and mitigation
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28308.
Source : NVD
## 7.8
Score
Published
Wiz
CVE-2026-31970 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-31970 [HIGH] CVE-2026-31970 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31970 :
NixOS vulnerability analysis and mitigation
bgzf_index_load_hfile()
.gzi
bgzip -r
Source : NVD
## 7.1
Score
Published March 18, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's e
Wiz
CVE-2026-20990 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-20990 [HIGH] CVE-2026-20990 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20990 :
NixOS vulnerability analysis and mitigation
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
Source : NVD
## 8.4
Score
Published March 16, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 22, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## R
Wiz
CVE-2026-22851 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-22851 [MEDIUM] CVE-2026-22851 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22851 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.
Source : NVD
## 6.9
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
free
Wiz
CVE-2025-66215 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.8
CVE-2025-66215 [LOW] CVE-2025-66215 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66215 :
NixOS vulnerability analysis and mitigation
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Source : NVD
## 6.8
Score
Published March 30, 2026
Severity MEDIUM
CNA Score 3.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/A
Affecte
Wiz
CVE-2026-2869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2869 [MEDIUM] CVE-2026-2869 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2869 :
NixOS vulnerability analysis and mitigation
A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.
Source : NVD
## 4.8
Score
Published February 21, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KE
Wiz
CVE-2025-68151 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-68151 [HIGH] CVE-2025-68151 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68151 :
NixOS vulnerability analysis and mitigation
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch.
Source : NVD
## 6.6
Score
Published January 8, 2026
Severity MEDIUM
CNA Score 6.6
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Ex
Wiz
CVE-2025-65784 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-65784 [MEDIUM] CVE-2025-65784 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65784 :
NixOS vulnerability analysis and mitigation
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
Source : NVD
## 6.5
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
hub
Sources
NVD
Homebrew Severity MEDIUM No Fix Added at: Feb 15, 2026
Nix Severity MEDIUM No Fix Added at: Feb 15, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs i
Wiz
CVE-2026-27588 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-27588 [HIGH] CVE-2026-27588 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27588 :
NixOS vulnerability analysis and mitigation
host
Host
Source : NVD
## 7.7
Score
Published February 24, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/caddyserver/caddy/v2
github.com/caddyserver/caddy/v2/modules/caddyhttp
Sources
NVD
Alpine 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Feb 24, 2026
Debian 12, 13 Severity CRITICAL No Fix Added at: Feb 24, 2026
Echo Severity CRITICAL No Fix Added at: Feb 24, 2026
GoLang Severity HIGH Has Fix Added at: Feb 25, 2026
Wiz
CVE-2026-4690 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4690 [HIGH] CVE-2026-4690 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4690 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 8.6
Score
Published March 24, 2026
Severity HIGH
CNA Score 9.6
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox
MozillaFirefox-devel
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-27586 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-27586 [HIGH] CVE-2026-27586 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27586 :
NixOS vulnerability analysis and mitigation
ClientAuthentication.provision()
trusted_ca_cert_file
trusted_ca_certs_pem_files
Source : NVD
## 8.8
Score
Published February 24, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 31
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/caddyserver/caddy
caddy
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Feb 24, 2026
Debian 12, 13 Severity CRITICAL No Fix Added at: Feb 24, 2026
Echo
Wiz
CVE-2026-33724 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2026-33724 [MEDIUM] CVE-2026-33724 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33724 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not i
Wiz
CVE-2026-3285 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3285 [MEDIUM] CVE-2026-3285 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3285 :
NixOS vulnerability analysis and mitigation
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
Source : NVD
## 1.9
Score
Published February 27, 2026
Severity LOW
CNA Score 1.9
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
b
Wiz
CVE-2026-26012 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-26012 [MEDIUM] CVE-2026-26012 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26012 :
NixOS vulnerability analysis and mitigation
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible to any organization member and internally uses Cipher::find_by_org to retrieve all ciphers. These ciphers are returned with CipherSyncType::Organization without enforcing collection-level access control. This vulnerability is fixed in 1.35.3.
Source : NVD
## 6.5
Score
Published February 11, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Linux Alpine
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV
Wiz
CVE-2026-1169 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1169 [MEDIUM] CVE-2026-1169 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1169 :
NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 5.3
Score
Published January 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
prime
Sources
NVD
Nix Seve
Wiz
CVE-2026-2802 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.2
CVE-2026-2802 [MEDIUM] CVE-2026-2802 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2802 :
NixOS vulnerability analysis and mitigation
Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
## 4.2
Score
Published February 24, 2026
Severity MEDIUM
CNA Score 4.2
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:thunderbird
thunderbird
Sources
Homebrew Severity MEDIUM Has Fix Added at: Mar 03, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 2
Wiz
CVE-2026-2793 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2793 [CRITICAL] CVE-2026-2793 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2793 :
NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.6
Exploitation Probability (EPSS) 0.
Wiz
CVE-2026-30789 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-30789 [CRITICAL] CVE-2026-30789 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30789 :
NixOS vulnerability analysis and mitigation
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
## 9.3
Score
Published March 5, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability
Wiz
CVE-2026-0997 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-0997 [MEDIUM] CVE-2026-0997 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0997 :
NixOS vulnerability analysis and mitigation
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in user to change Zoom meeting restrictions for arbitrary channels via crafted API requests.. Mattermost Advisory ID: MMSA-2025-00558
Source: NVD
Score 4.3
Published February 16, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zoom
Wiz
CVE-2026-25115 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.4·CRITICAL
## CVE-2026-25115: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.
Source: NVD
Score 9.4
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Feb 08, 2026
Nix Severity CRITICAL
Wiz
CVE-2026-3192 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3·MEDIUM
## CVE-2026-3192: NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack can be carried out remotely, but it is considered to have high complexity and exploitation is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was informed early via email; a separate bug-bounty report was rejected with the reason "This is by design. The user is responsible for host security".
Source: NVD
Score 6.3
Published February 25, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Wiz
CVE-2026-31805 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3·MEDIUM
## CVE-2026-31805: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing post_id as an array (e.g. post_id[]=&post_id[]=), the authorization check resolves to the accessible post while the poll lookup resolves to a different post's poll. This affects the vote, remove_vote, and toggle_status endpoints in DiscoursePoll::PollsController. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.
Source: NVD
Score 8.2
Published March 20, 2026
Severity HIGH
CNA Score 5.3
Wiz
CVE-2026-30976 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6·HIGH
## CVE-2026-30976: NixOS vulnerability analysis and mitigation
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive. This issue only impacts Windows systems; macOS and Linux are unaffected. Files returned from the API were not limited to the directory on disk they were intended to be served from. This problem has been patched in 4.0.17.2950 in the nightly/develop branch or 4.0.17.2952 for stable/main releases. It's possible to work around the issue by only hosting Sonarr on a secure i
Wiz
CVE-2025-68941 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9·MEDIUM
## CVE-2025-68941: NixOS vulnerability analysis and mitigation
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
Source: NVD
Score 5.3
Published December 26, 2025
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
cpe:2.3:a:gitea:gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20 Severity MEDIUM No Fix Added at: Jan 03, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Wiz
CVE-2025-61612 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5·HIGH
## CVE-2025-61612: NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: NVD
Score 7.5
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
Wiz
CVE-2026-33982 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1·MEDIUM
## CVE-2026-33982: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.
Source: NVD
Score 8.1
Published March 30, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-libs-debuginfo
freerdp-server
Sources
NVD
Alpine 3.23, edge Severity HIGH Has Fix Added at: Mar 29, 2026
Chainguard Has F
Wiz
CVE-2025-68432 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7·HIGH
## CVE-2025-68432: NixOS vulnerability analysis and mitigation
(Description text not extracted; only these identifiers survive: settings.json, .zed, ./zed/settings.json.)
Source: NVD
Score 7.3
Published December 17, 2025
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zed
Sources
NVD
Chainguard Has Fix Added at: Feb 20, 2026
Homebrew Severity HIGH Has Fix Added at: Feb 20, 2026
Nix Severity HIGH Has Fix Added at: Feb 20, 2026
Wolfi Has Fix Added at: Feb 20, 2026
Wiz
CVE-2026-5123 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1·MEDIUM
## CVE-2026-5123: NixOS vulnerability analysis and mitigation
A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Manipulation of the argument data[1] can lead to an off-by-one error. The attack may be launched remotely, but attacks of this nature are highly complex and exploitation is said to be difficult. The fix is commit 67c059413470df64bc20801c46f64058e88f800f; the patch should be applied to remediate this issue.
Source: NVD
Score 6.3
Published March 30, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.8
Wiz
CVE-2025-48582 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4·HIGH
## CVE-2025-48582: NixOS vulnerability analysis and mitigation
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-23553 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.9·LOW
## CVE-2026-23553: NixOS vulnerability analysis and mitigation
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider:

1. vCPU runs on CPU A, running task 1.
2. vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB.
3. On CPU B, guest kernel switches from task 1 to 2, issuing IBPB.
4. vCPU moves back to CPU A. Xen skips IBPB again.

Now, task 2 is running on CPU A with task 1's training still in the BTB.
Source: NVD
Score 2.9
Published January 28, 2026
Severity LOW
CNA Score 2.9
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2026-20982 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8·MEDIUM
## CVE-2026-20982: NixOS vulnerability analysis and mitigation
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
Source: NVD
Score 6.8
Published February 4, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz
CVE-2025-68938 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3·MEDIUM
## CVE-2025-68938: NixOS vulnerability analysis and mitigation
Gitea before 1.25.2 mishandles authorization for deletion of releases.
Source: NVD
Score 5.3
Published December 26, 2025
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity MEDIUM No Fix Added at: Jan 03, 2026
Alpine 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 28, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at:
Wiz
CVE-2026-31897 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5·HIGH
## CVE-2026-31897: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.
Source: NVD
Score 9.1
Published March 13, 2026
Severity CRITICAL
CNA Score N/A
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-15280 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8·HIGH
## CVE-2025-15280: NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28525.
Source: NVD
Score 8.8
Published December 31, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Wiz
CVE-2025-68973 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8·HIGH
## CVE-2025-68973: NixOS vulnerability analysis and mitigation
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Source: NVD
Score 7
Published December 28, 2025
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
GNU Privacy Guard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gnupg2-verify-debuginfo
gnupg2
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Jan 18, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 18, 2026
Wiz
CVE-2026-25994 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1·HIGH
## CVE-2026-25994: NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.
Source: NVD
Score 8.1
Published February 11, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pjproject
pjsip
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Feb 20, 2026
Ubuntu 16.04, 18.04 Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
CVE-2025-15326 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3·MEDIUM
## CVE-2025-15326: NixOS vulnerability analysis and mitigation
Tanium addressed an improper access controls vulnerability in Patch.
Source: NVD
Score 4.3
Published February 5, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
patch
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-28407 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9·MEDIUM
## CVE-2026-28407: NixOS vulnerability analysis and mitigation
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
Source: NVD
Score 6.9
Published February 27, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-30829 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3·MEDIUM
## CVE-2026-30829: NixOS vulnerability analysis and mitigation
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url endpoint. The endpoint does not enforce authentication or verify whether a status page is published before returning full status page details. As a result, unpublished status pages and their associated internal data are accessible to any unauthenticated user via direct API requests. This issue has been patched in version 3.4.0.
Source: NVD
Score 5.3
Published March 7, 2026
Severity MEDIUM
CNA Score 5.3
Wiz
CVE-2026-20444 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7·MEDIUM
## CVE-2026-20444: NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
Source: NVD
Score 6.7
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-1001 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8·MEDIUM
## CVE-2026-1001: NixOS vulnerability analysis and mitigation
Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers can inject malicious code that is stored and rendered without proper output encoding, causing script execution in the browsers of users viewing the affected page and enabling unauthorized actions within their session context.
Source: NVD
Score 4.8
Published March 25, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-14956 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8·MEDIUM
## CVE-2025-14956: NixOS vulnerability analysis and mitigation
A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. The manipulation causes a heap-based buffer overflow. The attack can be launched on the local host. The exploit has been publicly disclosed and may be utilized. The fix is commit 4f52bff8c4075b5630422f902dd92a0af2c9f398; applying the patch is recommended.
Source: NVD
Score 4.8
Published December 19, 2025
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Wiz
CVE-2026-33393 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1·MEDIUM
## CVE-2026-33393: NixOS vulnerability analysis and mitigation
(Description text not extracted; only these identifiers survive: allowed_spam_host_domains, String#end_with?, attacker-example.com, example.com, newuser_spam_host_threshold.)
Source: NVD
Score 4.3
Published March 19, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
CVE-2026-0849 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.8·LOW
## CVE-2026-0849: NixOS vulnerability analysis and mitigation
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
Source: NVD
Score 6.8
Published March 16, 2026
Severity MEDIUM
CNA Score 3.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zephyr
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2025-65409 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5·HIGH
## CVE-2025-65409: NixOS vulnerability analysis and mitigation
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.
Source: NVD
Score 7.5
Published December 30, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
recutils
Sources
NVD
Alpine 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity HIGH No Fix Added at: Jan 11, 2026
Alpine 3.22, 3.23 Severity HIGH No Fix Added at: Jan 28, 2026
Debian 11, 12, 14 Severity LOW No
Wiz
CVE-2026-1438 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3·MEDIUM
## CVE-2026-1438: NixOS vulnerability analysis and mitigation
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/nodes/' endpoint.
Source: NVD
Score 5.3
Published February 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Wiz
CVE-2026-4704 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5·HIGH
## CVE-2026-4704: NixOS vulnerability analysis and mitigation
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11, 12, 13,
Wiz
CVE-2026-28282 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.3·LOW
## CVE-2026-28282: NixOS vulnerability analysis and mitigation
(Description text not extracted; only these identifiers survive: add-users-to-group, policy_enabled.)
Source: NVD
Score 2.3
Published March 19, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 24, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 24, 2026
Wiz
CVE-2026-2786 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8·CRITICAL
## CVE-2026-2786: NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-devel
MozillaFirefox-translations-common
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL
Wiz
CVE-2026-2775 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8·CRITICAL
## CVE-2026-2775: NixOS vulnerability analysis and mitigation
Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak
cpe:2.3:a:mozilla:thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12,
Wiz
CVE-2025-61637 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1·MEDIUM
## CVE-2025-61637: NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.action/mediawiki.action.edit.preview.js and resources/src/mediawiki.page.preview.js.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source: NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian
Wiz
CVE-2026-22246 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5·MEDIUM
## CVE-2026-22246: NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships for a particular event fails to check the owner of the list before returning the lost relationships. Any registered local user can access the list of lost followers and followed users caused by any severance event, and go through all severance events this way. The leaked information does not include the name of the account which has lost follows and followers. This has been fixed in Mastodon v4.3.17, v4.4.11 and v4.5.4.
Source: NVD
Wiz
CVE-2026-2801 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5·HIGH
## CVE-2026-2801: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
Score 7.5
Published February 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
thunderbird
Sources
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity HIGH Has Fix Added at: Feb 24, 20
CVE-2026-20991 [MEDIUM] CVE-2026-20991 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
## CVE-2026-20991: NixOS vulnerability analysis and mitigation
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
Source : NVD
Score 6.7
Published March 16, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 22, 2026
CVE-2026-4715 [HIGH] CVE-2026-4715 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-4715: NixOS vulnerability analysis and mitigation
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.1
Published March 24, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11, 12, 13, 14 Sever
CVE-2026-1144 [MEDIUM] CVE-2026-1144 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-1144: NixOS vulnerability analysis and mitigation
A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. An unknown function of the file quickjs.c in the component Atomics Ops Handler is affected. The manipulation results in a use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.
Source : NVD
Score 5.3
Published January 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.7
Exploitation Probability (EPSS) 0.2
Affected packages
CVE-2026-1678 [CRITICAL] CVE-2026-1678 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.4
## CVE-2026-1678: NixOS vulnerability analysis and mitigation
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
Source : NVD
Score 9.8
Published March 5, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
zephyr
Sources
NVD
Nix Severity CRITICAL No Fix Ad
CVE-2026-26965 [HIGH] CVE-2026-26965 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2026-26965: NixOS vulnerability analysis and mitigation
planar_decompress_plane_rle()
pDstData
((nYDst+y) * nDstStep) + (4*nXDst) + nChannel
(nYDst+nSrcHeight)
(nXDst+nSrcWidth)
TempFormat != DstFormat
pDstData
planar->pTempData
nYDst
is_within_surface()
NSC_CONTEXT
decode
nsc->decode = 0xFF414141FF414141
Source : NVD
Score 8.8
Published February 25, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-debuginfo
freerdp-libs-debuginfo
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Apr 05, 2026
CVE-2026-32692 [MEDIUM] CVE-2026-32692 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-32692: NixOS vulnerability analysis and mitigation
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.
Source : NVD
Score 6.5
Published March 18, 2026
Severity MEDIUM
CNA Score 7.6
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
juju
github.com/juju/juju
Sources
NVD
GoLang S
CVE-2025-20795 [HIGH] CVE-2025-20795 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-20795: NixOS vulnerability analysis and mitigation
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.
Source : NVD
Score 7.8
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
CVE-2026-33696 [MEDIUM] CVE-2026-33696 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33696: NixOS vulnerability analysis and mitigation
Object.prototype
n8n-nodes-base.xml
NODES_EXCLUDE
Source : NVD
Score 9.4
Published March 25, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 55.8
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Mar 29, 2026
CVE-2026-23489 [CRITICAL] CVE-2026-23489 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
## CVE-2026-23489: NixOS vulnerability analysis and mitigation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
Source : NVD
Score 9.1
Published March 16, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 31.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
fields
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Mar 20, 2026
CVE-2026-2763 [CRITICAL] CVE-2026-2763 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2026-2763: NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has Fi
CVE-2026-29195 [MEDIUM] CVE-2026-29195 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
## CVE-2026-29195: NixOS vulnerability analysis and mitigation
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0.
Source : NVD
Score 6.9
Published March 7, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.5
Exploitation Probability (EPSS) N/A
Affected
CVE-2026-27477 [MEDIUM] CVE-2026-27477 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
## CVE-2026-27477: NixOS vulnerability analysis and mitigation
base_url
EXPERIMENTAL_FEATURES
fasp
fasp
Source : NVD
Score 4.6
Published February 24, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
Mastodon
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:joinmastodon:mastodon
mastodon
Sources
Nix Severity MEDIUM Has Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
CVE-2026-0863 [HIGH] CVE-2026-0863 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.5
## CVE-2026-0863: NixOS vulnerability analysis and mitigation
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.
The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.
If the instance is operating under the "External" execution mode (e.g. n8n's official Docker image), arbitrary code execution occurs inside a sidecar container rather than on the main node, which significantly reduces the impact of the vulnerability.
Source : NVD
Score 9.9
Published January 18, 2026
Severity CRITICAL
CNA Score 8.5
CVE-2025-67084 [CRITICAL] CVE-2025-67084 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
## CVE-2025-67084: NixOS vulnerability analysis and mitigation
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
Source : NVD
Score 9.9
Published January 15, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
invoiceplane
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Jan 23, 2026
CVE-2026-24682 [HIGH] CVE-2026-24682 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
## CVE-2026-24682: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
Source : NVD
Score 8.7
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp2-proxy
freerdp2
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3
CVE-2025-15413 [MEDIUM] CVE-2025-15413 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
## CVE-2025-15413: NixOS vulnerability analysis and mitigation
A vulnerability was detected in wasm3 up to 0.5.0. The functions op_SetSlot_i32/op_CallIndirect of the file m3_exec.h are impacted. Performing a manipulation results in memory corruption. The attack must be carried out locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.
Source : NVD
Score 4.8
Published January 1, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
wasm3
Sources
NVD
Homebrew Severity HIGH No
CVE-2025-58173 [HIGH] CVE-2025-58173 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.4
## CVE-2025-58173: NixOS vulnerability analysis and mitigation
language
install.php
curl_params
feed
Source : NVD
Score 7.4
Published December 16, 2025
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.8
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
freshrss
Sources
NVD
Nix Severity HIGH Has Fix Added at: Jan 11, 2026
CVE-2026-2037 [HIGH] CVE-2026-2037 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2026-2037: NixOS vulnerability analysis and mitigation
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27935.
Source : NVD
Score 8.8
Published February 20
CVE-2024-31328 [HIGH] CVE-2024-31328 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2024-31328: NixOS vulnerability analysis and mitigation
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.8
Published March 2, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added a
CVE-2026-27470 [HIGH] CVE-2026-27470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2026-27470: NixOS vulnerability analysis and mitigation
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.
Source : NVD
Score 8.8
Published February 21, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploi
CVE-2026-4725 [MEDIUM] CVE-2026-4725 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-4725: NixOS vulnerability analysis and mitigation
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 10
Published March 24, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
firefox
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 26, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 26, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added
CVE-2026-30791 [HIGH] CVE-2026-30791 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
## CVE-2026-30791: NixOS vulnerability analysis and mitigation
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig().
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
Score 8.7
Published March 5, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentil
CVE-2026-33394 [MEDIUM] CVE-2026-33394 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33394: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the Post Edits admin report (/admin/reports/post_edits) leaked the first 40 characters of raw post content from private messages and secure categories to moderators who shouldn't have access. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
Score 2.7
Published March 19, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages
CVE-2026-21444 [MEDIUM] CVE-2026-21444 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-21444: NixOS vulnerability analysis and mitigation
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
Source : NVD
Score 5.5
Published January 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
CVE-2026-25949 [HIGH] CVE-2026-25949 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-25949: NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8.
Source : NVD
Score 7.5
Published February 12, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS)
CVE-2026-27135 [HIGH] CVE-2026-27135 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-27135: NixOS vulnerability analysis and mitigation
nghttp2_session_terminate_session
nghttp2_session_terminate_session2
Source : NVD
Score 7.5
Published March 18, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Node.js
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nodejs24-libs
nodejs-libs
Sources
NVD
Alpine edge Severity HIGH Has Fix Added at: Apr 05, 2026
CBL-Mariner 2.0, 3.0 Severity HIGH Has Fix Added at: Mar 29, 2026
Chainguard Has Fix Added at: Mar 19, 2026
Container-Optimized OS Severity HIGH Has Fix Added at: Apr 05, 2026
Debian 11, 12, 13 Severity HIGH No Fix Added
CVE-2026-2922 [HIGH] CVE-2026-2922 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2026-2922: NixOS vulnerability analysis and mitigation
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of video packets. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28845.
Source : NVD
Score 7.8
Published March 16, 2026
Severity HIGH
CNA Score
CVE-2026-27585 [MEDIUM] CVE-2026-27585 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
## CVE-2026-27585: NixOS vulnerability analysis and mitigation
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations. Version 2.11.1 fixes the issue.
Source : NVD
Score 6.9
Published February 24, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 34.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/caddyserver/caddy
github.com/caddyserver/cadd
CVE-2026-2796 [CRITICAL] CVE-2026-2796 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2026-2796: NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITICAL Has Fix Added at: Feb 2
CVE-2026-20981 [MEDIUM] CVE-2026-20981 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
## CVE-2026-20981: NixOS vulnerability analysis and mitigation
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows a privileged physical attacker to execute arbitrary commands with system privilege.
Source : NVD
Score 5.4
Published February 4, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
CVE-2026-31961 [MEDIUM] CVE-2026-31961 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-31961: NixOS vulnerability analysis and mitigation
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any workflow where externally-submitted binaries are accepted for signing. When parsing a Mach-O binary, Quill reads several size and count fields from the LC_CODE_SIGNATURE load command and embedded code signing structures (SuperBlob, BlobIndex) and uses them to allocate memory buffers without validating that the values are reasonable or consistent with the actual file siz
CVE-2026-0884 [CRITICAL] CVE-2026-0884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2026-0884: NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
Score 9.8
Published January 13, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 Severity CRITIC
CVE-2026-28218 [MEDIUM] CVE-2026-28218 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-28218: NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. As a workaround, either explicitly set group permissions on each Data Explorer query that doesn't have permissions, or disable discourse-data-explorer plugin.
Source : NVD
## 5.3
Score
Published February 26, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-4718 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 [HIGH]
## CVE-2026-4718 : NixOS vulnerability analysis and mitigation
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 8.1
Published March 24, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-devel
firefox-esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11, 12, 13,
Wiz
CVE-2025-48605 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4 [HIGH]
## CVE-2025-48605 : NixOS vulnerability analysis and mitigation
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-61614 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 [HIGH]
## CVE-2025-61614 : NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: NVD
Score 7.5
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
Wiz
CVE-2026-2768 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0 [CRITICAL]
## CVE-2026-2768 : NixOS vulnerability analysis and mitigation
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 10
Published February 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 26.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-other
thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITI
Wiz
CVE-2026-0925 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7 [LOW]
## CVE-2026-0925 : NixOS vulnerability analysis and mitigation
Tanium addressed an improper input validation vulnerability in Discover.
Source: NVD
Score 4.9
Published January 26, 2026
Severity MEDIUM
CNA Score 2.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discover
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 10, 2026
Wiz
CVE-2026-1173 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5 [MEDIUM]
## CVE-2026-1173 : NixOS vulnerability analysis and mitigation
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
Score 5.5
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 33.4
Exploitation Probability (EPSS) 0.1
Wiz
CVE-2026-25053 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.4 [CRITICAL]
## CVE-2026-25053 : NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.
Source: NVD
Score 9.4
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added
Wiz
CVE-2026-0821 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9 [MEDIUM]
## CVE-2026-0821 : NixOS vulnerability analysis and mitigation
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.
Source: NVD
Score 6.9
Published January 10, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 33
Wiz
CVE-2025-14328 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8 [HIGH]
## CVE-2025-14328 : NixOS vulnerability analysis and mitigation
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source: NVD
Score 8.8
Published December 9, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-common
MozillaFirefox-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14 Sever
Wiz
CVE-2025-15277 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8 [HIGH]
## CVE-2025-15277 : NixOS vulnerability analysis and mitigation
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of scanlines within SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27920.
Source: NVD
Score 7.8
Published December 31, 2025
Wiz
CVE-2025-13476 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8 [CRITICAL]
## CVE-2025-13476 : NixOS vulnerability analysis and mitigation
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
Source: NVD
Score 9.8
Published March 5, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Viber
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:rakuten:viber:*:*:*:*:*:windows:*:*
viber
Sources
Homebrew Severity CRIT
Wiz
CVE-2026-20413 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7 [MEDIUM]
## CVE-2026-20413 : NixOS vulnerability analysis and mitigation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.
Source: NVD
Score 6.7
Published February 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 04, 2026
Wiz
CVE-2025-61613 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 [HIGH]
## CVE-2025-61613 : NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: NVD
Score 7.5
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
Wiz
CVE-2026-0883 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3 [MEDIUM]
## CVE-2026-0883 : NixOS vulnerability analysis and mitigation
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source: NVD
Score 5.3
Published January 13, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-devel
rhel10::thunderbird-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has
Wiz
CVE-2025-68939 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2 [HIGH]
## CVE-2025-68939 : NixOS vulnerability analysis and mitigation
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
Source: NVD
Score 5.3
Published December 26, 2025
Severity MEDIUM
CNA Score 8.2
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
cpe:2.3:a:gitea:gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity MEDIUM No Fix Added at: Jan 03, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity HIGH Has Fix Added at: De
Wiz
CVE-2025-68944 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.0 [MEDIUM]
## CVE-2025-68944 : NixOS vulnerability analysis and mitigation
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
Source: NVD
Score 5.3
Published December 26, 2025
Severity MEDIUM
CNA Score 5.0
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20 Severity MEDIUM No Fix Added at: Jan 01, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Wiz
CVE-2025-48645 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8 [HIGH]
## CVE-2025-48645 : NixOS vulnerability analysis and mitigation
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2020-36941 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3 [MEDIUM]
## CVE-2020-36941 : NixOS vulnerability analysis and mitigation
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
Source: NVD
Score 5.3
Published January 27, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
knockpy
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Mar 26, 2026
Wiz
CVE-2026-33550 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 [MEDIUM]
## CVE-2026-33550 : NixOS vulnerability analysis and mitigation
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
Source: NVD
Score 2.6
Published March 22, 2026
Severity LOW
CNA Score 2.0
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sogo
Sources
NVD
Debian 11, 12, 13 Severity LOW No Fix Added at: Mar 22, 2026
Debian 14 Severity LOW Has Fix Added at: Mar 22, 2026
Echo Severity LOW No Fix Added at: Mar 22, 2026
Nix Severity LOW Has Fix Added at: Mar 24, 2026
Wiz
CVE-2026-0889 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 [HIGH]
## CVE-2026-0889 : NixOS vulnerability analysis and mitigation
Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Source: NVD
Score 7.5
Published January 13, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
Homebrew Severity HIGH Has Fix Added at: Jan 23, 2026
Nix Severity HIGH Has Fix Added at: Jan 23, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Jan 15, 2026
Linux Severity HIGH Has Fix Added at: Jan 14, 2026
Windows Seve
Wiz
CVE-2026-23491 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3 [CRITICAL]
## CVE-2026-23491 : NixOS vulnerability analysis and mitigation
get_file
Guest
Get
Source: NVD
Score 9.3
Published February 18, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 28
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
invoiceplane
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-26932 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.7 [MEDIUM]
## CVE-2026-26932 : NixOS vulnerability analysis and mitigation
Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.
Source: NVD
Score 7.5
Published February 26, 2026
Severity HIGH
CNA Score 5.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.6
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-25952 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5 [MEDIUM]
## CVE-2026-25952 : NixOS vulnerability analysis and mitigation
xf_SetWindowMinMaxInfo
xfAppWindow
xf_rail_get_window
xf_rail_server_min_max_info
railWindows
Source: NVD
Score 5.5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-libs-debuginfo
freerdp-server-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 13 Severity CRITICAL No
Wiz
CVE-2025-33241 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8 [HIGH]
## CVE-2025-33241 : NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Source: NVD
Score 7.8
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 37.7
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-2797 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8 [CRITICAL]
## CVE-2026-2797 : NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
cpe:2.3:a:mozilla:firefox
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITICAL Has Fix Added at:
Wiz
CVE-2025-61642 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 [MEDIUM]
## CVE-2025-61642 : NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source: NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Severity MEDIUM
Wiz
CVE-2026-2770 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8 [CRITICAL]
## CVE-2026-2770 : NixOS vulnerability analysis and mitigation
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severi
Wiz
CVE-2026-23532 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7 [HIGH]
## CVE-2026-23532 : NixOS vulnerability analysis and mitigation
gdi_SurfaceToSurface
Source: NVD
Score 7.7
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 33.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libwinpr-devel
freerdp-wayland
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Feb 11, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL Has Fix Added at: Jan 29, 2026
Alpine edge Severity CRITICAL Has Fix Added at: Jan 26, 202
Wiz
CVE-2026-26207 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4 [MEDIUM]
## CVE-2026-26207 : NixOS vulnerability analysis and mitigation
discourse-policy
PolicyController
guardian.can_see?(@post)
set_post
policy_enabled = false
Source: NVD
Score 5.4
Published February 26, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-20785 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7 [MEDIUM]
## CVE-2025-20785 : NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
Source: NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-2798 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8 [HIGH]
## CVE-2026-2798 : NixOS vulnerability analysis and mitigation
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source: NVD
Score 8.8
Published February 24, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity HIGH Has Fix Added
Wiz
CVE-2026-25160 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1 [CRITICAL]
## CVE-2026-25160 : NixOS vulnerability analysis and mitigation
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations, severely compromising the confidentiality and integrity of user data. This issue has been patched in version 3.57.0.
Source: NVD
Score 7.4
Published February 4, 2026
Severity HIGH
CNA Score 9.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-23534 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7 [HIGH]
## CVE-2026-23534 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
Source: NVD
Score 7.7
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-15571 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15571 [MEDIUM] CVE-2025-15571 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15571 :
NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 4.8
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-2183 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-2183 [MEDIUM] CVE-2026-2183 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2183: NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.
Source : NVD
Score 5.3
Published February 8, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-27151 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3
CVE-2026-27151 [LOW] CVE-2026-27151 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27151: NixOS vulnerability analysis and mitigation
move_posts
can_move_posts?
Source : NVD
Score 1.3
Published February 26, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2026-26200 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-26200 [HIGH] CVE-2026-26200 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26200: NixOS vulnerability analysis and mitigation
h5
Source : NVD
Score 7.8
Published February 19, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
hdf5
cpe:2.3:a:hdfgroup:hdf5
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19 Severity HIGH No Fix Added at: Feb 21, 2026
Echo Severity HIGH Has Fix Added at: Feb 20, 2026
Homebrew Severity HIGH Has Fix Added at: Feb 24, 2026
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Windows Severity HIGH Has Fix Added at: Feb 20, 2026
Windows Severity HIGH Has Fix Add
Wiz
CVE-2026-32305 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32305 [MEDIUM] CVE-2026-32305 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32305: NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the default TLS configuration, which does not require client certificates by default. This allows an attacker to bypass route-level mTLS enforcement and access services that should require mutual TLS authentication. This issue is patched in versions 2.11.41, 3.6.11 and 3.7.0-ea.2.
Source : NVD
Score 7.8
Published March 20
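The Traefik entry above describes two things going wrong in sequence: a pre-sniffer that parses only the first TLS record, so a ClientHello fragmented across records ends in an EOF and an empty SNI, and a router that treats an empty SNI as "use the default configuration", which asks for no client certificate. The Go program below is an added example for this page, not Traefik's code. It builds a minimal ClientHello carrying a server_name extension (a constructed test vector), splits it across two TLS records, and shows the single-record parser failing where a reassembling parser succeeds; `requiresClientCert` models the fail-open versus fail-closed router decision. The host name `api.internal` and every function name are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

func u16(n int) []byte { return []byte{byte(n >> 8), byte(n)} }

// record wraps one handshake fragment in a TLS record header (content type handshake, TLS 1.2).
func record(frag []byte) []byte { return append(append([]byte{0x16, 0x03, 0x03}, u16(len(frag))...), frag...) }

// buildClientHello returns a minimal TLS 1.2-style ClientHello handshake message (4-byte header
// plus body) whose only extension is server_name. A constructed test vector, not a capture.
func buildClientHello(host string) []byte {
	name := append(u16(len(host)), host...)
	list := append(u16(1+len(name)), append([]byte{0x00}, name...)...)    // server_name_list: one host_name
	sni := append([]byte{0x00, 0x00}, append(u16(len(list)), list...)...) // extension type 0 + data
	body := append([]byte{0x03, 0x03}, make([]byte, 32)...)               // client_version, random
	body = append(body, 0x00, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00)         // empty session_id, one suite, null compression
	body = append(body, append(u16(len(sni)), sni...)...)                 // extensions
	return append([]byte{0x01, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
}

// cursor is a bounds-checked reader with a sticky error: truncation becomes io.ErrUnexpectedEOF.
type cursor struct {
	b   []byte
	err error
}

func (c *cursor) take(n int) []byte {
	if c.err != nil || len(c.b) < n {
		c.err = io.ErrUnexpectedEOF
		return nil
	}
	v := c.b[:n]
	c.b = c.b[n:]
	return v
}

func (c *cursor) vec(lenBytes int) []byte { // vector prefixed by a big-endian length lenBytes wide
	n := 0
	for _, x := range c.take(lenBytes) {
		n = n<<8 | int(x)
	}
	return c.take(n)
}

// parseSNI walks a complete ClientHello body and returns its host_name ("" if absent).
func parseSNI(body []byte) (string, error) {
	c := &cursor{b: body}
	c.take(34)                   // client_version + random
	c.vec(1); c.vec(2); c.vec(1) // session_id, cipher_suites, compression_methods
	if c.err == nil && len(c.b) == 0 {
		return "", nil // no extensions block
	}
	ec := &cursor{b: c.vec(2)}
	for c.err == nil && ec.err == nil && len(ec.b) > 0 {
		typ, data := ec.take(2), ec.vec(2)
		if ec.err != nil || typ[0] != 0 || typ[1] != 0 {
			continue // not server_name; a truncated extension ends the loop through ec.err
		}
		lc := &cursor{b: data}
		nc := &cursor{b: lc.vec(2)} // server_name_list
		nameType, name := nc.take(1), nc.vec(2)
		if lc.err != nil || nc.err != nil {
			return "", io.ErrUnexpectedEOF
		} else if nameType[0] == 0 {
			return string(name), nil
		}
	}
	if c.err != nil || ec.err != nil {
		return "", io.ErrUnexpectedEOF
	}
	return "", nil
}

func hsLen(msg []byte) int { return int(msg[1])<<16 | int(msg[2])<<8 | int(msg[3]) }

// sniFromRecords is the pre-sniffing step. reassemble=false models the vulnerable logic: only the
// first record is parsed, so a ClientHello split across records ends in io.ErrUnexpectedEOF.
// reassemble=true buffers records until the 24-bit length in the handshake header is satisfied.
func sniFromRecords(recs [][]byte, reassemble bool) (string, error) {
	var msg []byte
	for _, rec := range recs {
		if len(rec) < 5 || rec[0] != 0x16 {
			return "", errors.New("not a TLS handshake record")
		}
		msg = append(msg, rec[5:]...)
		if len(msg) >= 4 && len(msg) >= 4+hsLen(msg) {
			return parseSNI(msg[4 : 4+hsLen(msg)])
		}
		if !reassemble {
			break
		}
	}
	if len(msg) < 4 {
		return "", io.ErrUnexpectedEOF
	}
	return parseSNI(msg[4:]) // partial body: parseSNI reports the truncation
}

// requiresClientCert is the router decision; failOpen=true is the bypass (an empty or unparseable
// SNI picks the default config, which asks for no client cert), failOpen=false refuses instead.
func requiresClientCert(mtls map[string]bool, sni string, err error, failOpen bool) (needCert, refused bool) {
	if err != nil || sni == "" {
		return false, !failOpen
	}
	return mtls[sni], false
}

func main() {
	hello := buildClientHello("api.internal") // 68 bytes; split below across two records
	for _, reassemble := range []bool{false, true} {
		sni, err := sniFromRecords([][]byte{record(hello[:40]), record(hello[40:])}, reassemble)
		fmt.Printf("reassemble=%v sni=%q err=%v\n", reassemble, sni, err)
	}
}
```

The two fixes are independent and both worth having: reassemble handshake fragments up to the length in the 4-byte handshake header before parsing, and never let a parse failure select a weaker TLS configuration than the strictest route on the entrypoint. The attacker controls fragmentation, so any sniffer that examines only the first record can be steered into its error path on purpose.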
Wiz
CVE-2025-48585 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2025-48585 [MEDIUM] CVE-2025-48585 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48585: NixOS vulnerability analysis and mitigation
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 6.2
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-33469 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33469 [MEDIUM] CVE-2026-33469 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33469: NixOS vulnerability analysis and mitigation
/api/config/raw
/api/config
config.yml
/api/config/raw_paths
/api/config/raw
Source : NVD
Score 6.5
Published March 26, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
frigate
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2026-26998 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-26998 [MEDIUM] CVE-2026-26998 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26998: NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize configuration to restrict the amount of data read from the authentication server response. If the authentication server returns an unexpectedly large or unbounded response body, Traefik will allocate unlimited memory, potentially causing an out-of-memory (OOM) condition that crashes the process. This results in a denial of service for all routes served b
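The ForwardAuth entry above is about an unbounded read of a response whose size the auth server, or whoever controls it, chooses. The Go program below is an added example for this page, not Traefik's code: `readBounded` caps the read and reports an error instead of truncating silently, `forwardAuth` shows the unbounded and bounded variants side by side, and `runScenario` exercises both against two local auth servers constructed here, one of which answers with an 8 MiB body. Function and field names are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrAuthBodyTooLarge is returned when the auth server's reply exceeds the configured cap.
var ErrAuthBodyTooLarge = errors.New("forward-auth response body exceeds limit")

// readBounded reads at most limit bytes from r. Asking the LimitReader for limit+1 is what
// distinguishes "exactly limit bytes" from "more than limit": io.LimitReader alone truncates silently.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, ErrAuthBodyTooLarge
	}
	return buf, nil
}

// AuthDecision is what the middleware needs from the auth server: whether the request may
// proceed and, when it may not, the (bounded) body to relay to the client.
type AuthDecision struct {
	Allowed bool
	Status  int
	Body    []byte
}

// forwardAuth calls the auth server and reads its body. limit <= 0 means no cap, the behaviour
// the entry describes; a positive limit caps the allocation. Names are this example's own.
func forwardAuth(client *http.Client, authURL string, limit int64) (AuthDecision, error) {
	resp, err := client.Get(authURL)
	if err != nil {
		return AuthDecision{}, err
	}
	defer resp.Body.Close()
	var body []byte
	if limit <= 0 {
		body, err = io.ReadAll(resp.Body) // allocates whatever the auth server chooses to send
	} else {
		body, err = readBounded(resp.Body, limit)
	}
	if err != nil {
		return AuthDecision{}, err
	}
	allowed := resp.StatusCode >= 200 && resp.StatusCode < 300
	return AuthDecision{Allowed: allowed, Status: resp.StatusCode, Body: body}, nil
}

// outcome pairs a decision with the error forwardAuth returned, for the scenario table below.
type outcome struct {
	Decision AuthDecision
	Err      error
}

// runScenario starts two auth servers constructed for this example: a well-behaved one and one
// that answers 403 with an 8 MiB body, far larger than any sane auth reply. It returns the
// result of each (server, limit) combination.
func runScenario() map[string]outcome {
	okSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Auth-User", "alice")
		w.WriteHeader(http.StatusOK)
	}))
	defer okSrv.Close()
	hugeSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusForbidden)
		_, _ = io.Copy(w, strings.NewReader(strings.Repeat("x", 8<<20)))
	}))
	defer hugeSrv.Close()

	const limit = 1 << 20 // 1 MiB cap, generous for a forward-auth reply
	run := func(url string, limit int64) outcome {
		d, err := forwardAuth(http.DefaultClient, url, limit)
		return outcome{Decision: d, Err: err}
	}
	return map[string]outcome{
		"ok/bounded":     run(okSrv.URL, limit),
		"huge/unbounded": run(hugeSrv.URL, 0),
		"huge/bounded":   run(hugeSrv.URL, limit),
	}
}

func main() {
	for name, o := range runScenario() {
		fmt.Printf("%-15s allowed=%v status=%d body=%d bytes err=%v\n",
			name, o.Decision.Allowed, o.Decision.Status, len(o.Decision.Body), o.Err)
	}
}
```

The `limit+1` detail matters: `io.LimitReader(r, limit)` on its own returns exactly `limit` bytes for an oversized body and the caller cannot tell whether anything was cut. Relaying a truncated auth response to a client is its own problem, so a bounded reader should fail the request rather than pass along a partial body.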
Wiz
CVE-2026-2258 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2258 [MEDIUM] CVE-2026-2258 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2258: NixOS vulnerability analysis and mitigation
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.
Source : NVD
Score 4.8
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/
Wiz
CVE-2026-27149 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9
CVE-2026-27149 [MEDIUM] CVE-2026-27149 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27149: NixOS vulnerability analysis and mitigation
list_private_messages_tag
Source : NVD
Score 4.9
Published February 26, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-14512 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-14512 [MEDIUM] CVE-2025-14512 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14512: NixOS vulnerability analysis and mitigation
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Source : NVD
Score 6.5
Published December 11, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
glib2-lang
libgobject-2_0-0
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.2
Wiz
CVE-2026-0014 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-0014 [MEDIUM] CVE-2026-0014 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0014: NixOS vulnerability analysis and mitigation
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 6.2
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-1998 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-1998 [MEDIUM] CVE-2026-1998 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1998: NixOS vulnerability analysis and mitigation
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.
Source : NVD
Score 4.8
Published February 6, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
micropytho
Wiz
CVE-2026-24868 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-24868 [MEDIUM] CVE-2026-24868 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24868: NixOS vulnerability analysis and mitigation
Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 147.0.2.
Source : NVD
Score 6.5
Published January 27, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 30, 2026
Alpine edge Severity HIGH No Fix Added at: Jan 30, 2026
Homebrew Severity MEDIUM Has Fix Added at: Feb
Wiz
CVE-2026-4726 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-4726 [MEDIUM] CVE-2026-4726 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4726: NixOS vulnerability analysis and mitigation
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Mar 29, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 29, 2026
Linux S
Wiz
CVE-2026-27631 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7
CVE-2026-27631 [LOW] CVE-2026-27631 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27631: NixOS vulnerability analysis and mitigation
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
Source : NVD
Score 2.7
Published March 2, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-32136 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32136 [MEDIUM] CVE-2026-32136 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32136: NixOS vulnerability analysis and mitigation
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73.
Source : NVD
Score 9.8
Published March 11, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV
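The AdGuard Home entry above is a middleware-ordering bug: authentication is attached to the HTTP/1.1 path, while connections upgraded to h2c land on an inner mux that has no such middleware. The Go program below is an added example for this page, not AdGuard Home's code. It models that layout with plain `net/http`: `upgradeDispatch` stands in for an h2c-aware front handler and reproduces only the routing consequence (a request carrying `Upgrade: h2c` reaches the upgraded path); a real upgrade involves HTTP/2 framing from `golang.org/x/net/http2/h2c`, which this example deliberately avoids. The endpoint `/api/status`, the credentials and the `HTTP2-Settings` value are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireAuth is the authentication middleware. The credentials are constructed for the example.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(user), []byte("admin")) != 1 ||
			subtle.ConstantTimeCompare([]byte(pass), []byte("correct horse")) != 1 {
			w.Header().Set("WWW-Authenticate", `Basic realm="example"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// wantsH2C reports whether the request asks to upgrade to HTTP/2 cleartext.
func wantsH2C(r *http.Request) bool {
	for _, tok := range strings.Split(r.Header.Get("Upgrade"), ",") {
		if strings.EqualFold(strings.TrimSpace(tok), "h2c") {
			return true
		}
	}
	return false
}

// upgradeDispatch models an h2c-capable front handler: a request carrying "Upgrade: h2c" is
// switched to the upgraded path, everything else goes down the plain HTTP/1.1 path. This
// stand-in skips the HTTP/2 framing and reproduces only the routing consequence that matters here.
func upgradeDispatch(http1Path, upgradedPath http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if wantsH2C(r) {
			upgradedPath.ServeHTTP(w, r)
			return
		}
		http1Path.ServeHTTP(w, r)
	})
}

// newServer wires the chain. vulnerable=true reproduces the layout described in the entry: auth
// wraps only the HTTP/1.1 path, while upgraded connections reach the inner mux directly.
// vulnerable=false attaches auth to the inner mux itself, so every entry path passes through it.
func newServer(vulnerable bool) http.Handler {
	inner := http.NewServeMux()
	inner.HandleFunc("/api/status", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"protection_enabled":true}`) // hypothetical admin endpoint
	})
	if vulnerable {
		return upgradeDispatch(requireAuth(inner), inner)
	}
	protected := requireAuth(inner)
	return upgradeDispatch(protected, protected)
}

// probe sends one request to the handler and returns the status code.
func probe(h http.Handler, withCreds, withUpgrade bool) int {
	req := httptest.NewRequest(http.MethodGet, "/api/status", nil)
	if withCreds {
		req.SetBasicAuth("admin", "correct horse")
	}
	if withUpgrade {
		req.Header.Set("Connection", "Upgrade, HTTP2-Settings")
		req.Header.Set("Upgrade", "h2c")
		req.Header.Set("HTTP2-Settings", "AAMAAABkAAQAAP__") // constructed base64url SETTINGS payload
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, vulnerable := range []bool{true, false} {
		h := newServer(vulnerable)
		fmt.Printf("vulnerable=%v anonymous=%d anonymous+h2c=%d credentials=%d\n",
			vulnerable, probe(h, false, false), probe(h, false, true), probe(h, true, false))
	}
}
```

The fix is structural rather than a header check: attach authentication to the handler that every entry path ultimately calls (here the inner mux), so that adding a new transport such as h2c cannot create an unauthenticated route. Rejecting `Upgrade: h2c` at the edge is a reasonable stop-gap until the patched version is deployed, but it only blocks that one path; fixing the ordering is what removes the unauthenticated route.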
Wiz
CVE-2025-68433 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2025-68433 [HIGH] CVE-2025-68433 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68433: NixOS vulnerability analysis and mitigation
settings.json
.zed
./zed/settings.json
Source : NVD
Score 7.3
Published December 17, 2025
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zed
Sources
NVD
Chainguard Has Fix Added at: Feb 20, 2026
Homebrew Severity HIGH Has Fix Added at: Feb 20, 2026
Nix Severity HIGH Has Fix Added at: Feb 20, 2026
Wolfi Has Fix Added at: Feb 20, 2026
Wiz
CVE-2025-14861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-14861 [HIGH] CVE-2025-14861 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14861: NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1.
Source : NVD
Score 8.8
Published December 18, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity HIGH N
Wiz
CVE-2026-31964 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-31964 [MEDIUM] CVE-2026-31964 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31964: NixOS vulnerability analysis and mitigation
CONST
XPACK
XRLE
Source : NVD
Score 6.9
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
samtools
samtools-debuginfo
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-0026 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-0026 [HIGH] CVE-2026-0026 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0026: NixOS vulnerability analysis and mitigation
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source : NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-2783 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2783 [HIGH] CVE-2026-2783 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2783: NixOS vulnerability analysis and mitigation
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 7.5
Published February 24, 2026
Severity HIGH
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-debugsource
rhel10::firefox-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 1
Wiz
CVE-2025-9572 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.0
CVE-2025-9572 [MEDIUM] CVE-2025-9572 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-9572: NixOS vulnerability analysis and mitigation
An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.
Source : NVD
Score 6.5
Published February 27, 2026
Severity MEDIUM
CNA Score 5.0
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
foreman
Sources
NVD
Homebrew Severity MEDIUM Has Fix Added at: Mar 19, 2026
Nix Severity MEDIUM Has F
Wiz
CVE-2026-2239 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.8
CVE-2026-2239 [LOW] CVE-2026-2239 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2239: NixOS vulnerability analysis and mitigation
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
Source : NVD
Score 6.5
Published March 26, 2026
Severity MEDIUM
CNA Score 2.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (E
Wiz
CVE-2026-2781 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2781 [CRITICAL] CVE-2026-2781 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2781: NixOS vulnerability analysis and mitigation
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libfreebl3
libsoftokn3
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix Added at: Feb 24, 2
Wiz
CVE-2026-22856 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-22856 [MEDIUM] CVE-2026-22856 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22856: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.
Source : NVD
Score 6.8
Published January 14, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-debugsource
freerdp2-server
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02
Wiz
CVE-2025-15324 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.6
CVE-2025-15324 [MEDIUM] CVE-2025-15324 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15324: NixOS vulnerability analysis and mitigation
Tanium addressed a documentation issue in Engage.
Source : NVD
Score 6.6
Published February 5, 2026
Severity MEDIUM
CNA Score 6.6
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
engage
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-31967 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-31967 [MEDIUM] CVE-2026-31967 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31967: NixOS vulnerability analysis and mitigation
cram_decode_slice()
Source : NVD
Score 6.9
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity CRITICAL No Fix Added at: Mar 19, 2026
Echo Severity CRITICAL No Fix Added at: Mar 19, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 20, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-31854 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-31854 [HIGH] CVE-2026-31854 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31854: NixOS vulnerability analysis and mitigation
Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted instructions, the model may attempt to follow them in order to “assist” the user. When combined with a bypass of the command whitelist mechanism, such indirect prompt injections could result in commands being executed automatically, without the user’s explicit intent, thereby posing a significant security risk. This vulnerability is fixed in 2.0.
Source : NVD
Score 8.7
Published March 11, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPS
Wiz
CVE-2025-68615 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-68615 [CRITICAL] CVE-2025-68615 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68615: NixOS vulnerability analysis and mitigation
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
Source : NVD
Score 9.8
Published December 23, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 45.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
net-snmp-libs
net-snmp-devel-32bit
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Jan 21, 2026
Wiz
CVE-2026-4719 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4719 [HIGH] CVE-2026-4719 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4719: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11, 12, 13, 14 Se
Wiz
CVE-2026-33422 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33422 [MEDIUM] CVE-2026-33422 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33422: NixOS vulnerability analysis and mitigation
ip_address
Source : NVD
Score 4.3
Published March 20, 2026
Severity MEDIUM
CNA Score 3.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 21, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
CVE-2025-15271 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15271 [HIGH] CVE-2025-15271 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15271: NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28562.
Source : NVD
Score 8.8
Published December 31, 2025
Severity HIGH
CNA
Wiz
CVE-2025-50343 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-50343 [CRITICAL] CVE-2025-50343 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-50343: NixOS vulnerability analysis and mitigation
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
Source : NVD
Score 9.8
Published December 30, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
matio
libmatio
Sources
NVD
Debian 11, 14 S
Wiz
CVE-2025-20784 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20784 [MEDIUM] CVE-2025-20784 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20784: NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
Source : NVD
## 6.7
Score
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-68934 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68934 [MEDIUM] CVE-2025-68934 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68934 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not fully mitigate the issue, as payloads under the limit can still trigger the slow code path.
Source : NVD
## 6.5
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Discourse
Has Public Ex
Wiz
CVE-2025-69645 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-69645 [MEDIUM] CVE-2025-69645 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69645 :
NixOS vulnerability analysis and mitigation
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
Source : NVD
## 5.5
Score
Published March 6, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
A
Wiz
CVE-2025-14957 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-14957 [MEDIUM] CVE-2025-14957 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14957 :
NixOS vulnerability analysis and mitigation
A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the functions IRBuilder::makeLocalGet, IRBuilder::makeLocalSet and IRBuilder::makeLocalTee in the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Manipulation of the argument Index leads to a null pointer dereference. Local access is required to carry out this attack. The exploit is publicly available and might be used. The patch is identified as 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying the patch is advised to resolve this issue.
Source : NVD
## 4.8
Score
Published December 19, 2025
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N
Wiz
CVE-2026-25578 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2026-25578 [MEDIUM] CVE-2026-25578 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25578 :
NixOS vulnerability analysis and mitigation
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in version 0.60.0.
Source : NVD
## 6.1
Score
Published February 4, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
navidrome
github.com/navidrome/navidrome
Sources
NVD
Alpine 3.19,
Wiz
CVE-2026-27494 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-27494 [HIGH] CVE-2026-27494 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27494 :
NixOS vulnerability analysis and mitigation
N8N_RUNNERS_ENABLED=true
n8n-nodes-base.code
NODES_EXCLUDE
Source : NVD
## 7.1
Score
Published February 25, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 02, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 09, 2026
Wiz
CVE-2025-48579 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2025-48579 [HIGH] CVE-2025-48579 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48579 :
NixOS vulnerability analysis and mitigation
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-40894 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.1
CVE-2025-40894 [LOW] CVE-2025-40894 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40894 :
NixOS vulnerability analysis and mitigation
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.
A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Source : NVD
## 2.1
Score
Published March 4, 2026
Severity LOW
CNA Score 2
Wiz
CVE-2025-70304 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-70304 [HIGH] CVE-2025-70304 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70304 :
NixOS vulnerability analysis and mitigation
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Source : NVD
## 7.5
Score
Published January 15, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Jan 18, 2026
Homebrew Severity HIGH No Fix Added at: Jan 26, 2026
Nix Severity HIGH No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-0885 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-0885 [MEDIUM] CVE-2026-0885 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0885 :
NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 6.5
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird-openpgp-librnp
rhel10::firefox-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 Severity MEDIU
Wiz
CVE-2026-26281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-26281 [MEDIUM] CVE-2026-26281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26281 :
NixOS vulnerability analysis and mitigation
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser of any user viewing the invoice. This can lead to session hijacking, data theft, or other malicious actions on behalf of the victim user. Version 1.7.1 patches the issue.
Source : NVD
## 4.4
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
Wiz
CVE-2025-67125 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2025-67125 [MEDIUM] CVE-2025-67125 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67125 :
NixOS vulnerability analysis and mitigation
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS).
Source : NVD
## 4.4
Score
Published January 23, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploit
Wiz
CVE-2025-61144 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-61144 [HIGH] CVE-2025-61144 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61144 :
NixOS vulnerability analysis and mitigation
libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
Source : NVD
## 7.3
Score
Published February 23, 2026
Severity HIGH
CNA Score 9.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mingw32-libtiff
mingw32-libtiff-static
Sources
NVD
CBL-Mariner 2.0, 3.0 Severity CRITICAL Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13 Severity LOW No Fix Added at: Feb 24, 2026
Debian 14 Severity LOW Has Fix Added at: Feb 24, 2026
Echo Severity HIGH Has Fix Add
Wiz
CVE-2026-29776 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2026-29776 [LOW] CVE-2026-29776 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29776 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, an integer underflow exists in the update_read_cache_bitmap_order function of FreeRDP's core library. This vulnerability is fixed in 3.24.0.
Source : NVD
## 3.1
Score
Published March 13, 2026
Severity LOW
CNA Score 3.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp
freerdp-debugsource
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity LOW Has Fix Added at: Mar 18, 2026
Alpine 3.23,
Wiz
CVE-2026-32595 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32595 [MEDIUM] CVE-2026-32595 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32595 :
NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 contain a BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediately in ~0.6ms. This ~298x timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames. This issue is patched in versions 2.11.41, 3.6.11 and 3.7.0-ea.2.
Source : NVD
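The timing side channel described above comes from the early return: the expensive password hash runs only when the username is known. The block below is an added example, not Traefik's code or its actual fix; it uses a constructed in-memory user store and pbkdf2_hmac as a stand-in for bcrypt (an assumption, chosen so the block runs on the standard library). `vulnerable_check` skips the hash for unknown users; `hardened_check` verifies every request against a stored hash or a throwaway dummy hash, so the slow operation happens exactly once regardless of whether the user exists, and the lookup result is folded into the verdict only afterwards.

```python
import hashlib
import hmac
import os
import time

# Constructed credential store standing in for a BasicAuth users file.
# pbkdf2_hmac replaces bcrypt (assumption) so the block runs on the standard
# library; the timing shape is the same: one slow hash per verified password.
ITERATIONS = 20_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


SALT = b"constructed-static-salt"
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}

# A throwaway credential that unknown usernames are verified against so that
# the expensive hash runs on every request, known user or not.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = hash_password("dummy-password", DUMMY_SALT)


class HashWork:
    # Counts slow hash evaluations so the cost of each code path can be checked.
    calls = 0


def verify(salt: bytes, stored: bytes, password: str) -> bool:
    HashWork.calls += 1
    return hmac.compare_digest(hash_password(password, salt), stored)


def vulnerable_check(username: str, password: str) -> bool:
    # Early return: unknown users are answered before any hashing happens,
    # so the response time alone reveals whether the username exists.
    entry = USERS.get(username)
    if entry is None:
        return False
    return verify(entry[0], entry[1], password)


def hardened_check(username: str, password: str) -> bool:
    # Exactly one hash evaluation on every path. The lookup result is folded
    # into the verdict with a non-short-circuiting AND after the hash.
    entry = USERS.get(username)
    if entry is None:
        salt, stored, known = DUMMY_SALT, DUMMY_HASH, False
    else:
        salt, stored, known = entry[0], entry[1], True
    matched = verify(salt, stored, password)
    return matched & known


def hash_operations(check, username: str, password: str) -> int:
    """Number of slow hash evaluations one call to `check` performs."""
    before = HashWork.calls
    check(username, password)
    return HashWork.calls - before


def median_latency(check, username: str, password: str, rounds: int = 7) -> float:
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        check(username, password)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]


if __name__ == "__main__":
    for name, check in (("vulnerable", vulnerable_check), ("hardened", hardened_check)):
        known = median_latency(check, "alice", "wrong password")
        unknown = median_latency(check, "nobody", "wrong password")
        print(f"{name:10s} known user {known * 1e3:7.2f} ms, "
              f"unknown user {unknown * 1e3:7.2f} ms, "
              f"ratio {known / max(unknown, 1e-9):8.1f}x")
```

Running the block prints the two latencies per implementation; the vulnerable path shows the same orders-of-magnitude gap the advisory describes, the hardened path a ratio near 1. The dummy hash is generated with a random salt at startup so an attacker cannot pick a password that matches it, and even a match is discarded because `known` is false.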
## 6.3
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Wolfi
Ha
Wiz
CVE-2026-2774 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2774 [CRITICAL] CVE-2026-2774 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2774 :
NixOS vulnerability analysis and mitigation
Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-branding-upstream
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severi
Wiz
CVE-2026-0012 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-0012 [MEDIUM] CVE-2026-0012 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0012 :
NixOS vulnerability analysis and mitigation
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 6.2
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-3102 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-3102 [MEDIUM] CVE-2026-3102 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3102 :
NixOS vulnerability analysis and mitigation
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags in the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. Manipulation of the argument DateTimeOriginal causes OS command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 addresses this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.
Source : NVD
## 5.3
Score
Published February 24, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV R
Wiz
CVE-2026-4701 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4701 [HIGH] CVE-2026-4701 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4701 :
NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Wiz
CVE-2025-33236 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-33236 [HIGH] CVE-2025-33236 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33236 :
NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Source : NVD
## 7.8
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-32275 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32275 [MEDIUM] CVE-2026-32275 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32275 :
NixOS vulnerability analysis and mitigation
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.
Source : NVD
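An unsanitized JSONP callback means the server reflects a caller-chosen string into a script response, so the response becomes whatever JavaScript the caller asked for. The block below is an added example and is not Tautulli's code; the callback grammar, headers and sample payload are assumptions chosen for illustration. `vulnerable_jsonp` reflects the name verbatim; `hardened_jsonp` restricts the name to a dotted JavaScript identifier, escapes HTML-significant characters inside the JSON, and sends `X-Content-Type-Options: nosniff` so the body cannot be reinterpreted as HTML.

```python
import json
import re

# Grammar accepted for a callback name: a JavaScript identifier, optionally
# dotted (e.g. "app.handlers.onData"). This grammar is an assumption for the
# example, not Tautulli's own validator.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
MAX_CALLBACK_LEN = 64


class BadCallback(ValueError):
    pass


def is_safe_callback(name: str) -> bool:
    return len(name) <= MAX_CALLBACK_LEN and CALLBACK_RE.match(name) is not None


def to_js_literal(payload) -> str:
    # json.dumps output is already valid JavaScript; additionally escape the
    # characters that would let a value close a <script> tag if a browser
    # ever sniffs the response as HTML.
    body = json.dumps(payload, separators=(",", ":"))
    return body.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def vulnerable_jsonp(callback: str, payload) -> str:
    # Reflects the attacker-controlled callback verbatim: callback=alert(1);//
    # turns the API response into a script of the attacker's choosing.
    return f"{callback}({json.dumps(payload)});"


def hardened_jsonp(callback: str, payload) -> tuple[dict, str]:
    if not is_safe_callback(callback):
        raise BadCallback(f"rejected callback name {callback!r}")
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        # Stop browsers from reinterpreting the script body as HTML.
        "X-Content-Type-Options": "nosniff",
    }
    # The leading comment keeps the body from parsing as a file of another
    # format when fetched by a non-script consumer.
    return headers, f"/**/{callback}({to_js_literal(payload)});"


# Constructed sample: the kind of authenticated response a JSONP endpoint
# might expose. Not real Tautulli output.
SAMPLE = {"response": {"result": "success", "data": {"apikey": "c0ffee"}}}

if __name__ == "__main__":
    print(vulnerable_jsonp("alert(document.cookie);//", SAMPLE))
    print(hardened_jsonp("jQuery360_cb", SAMPLE)[1])
```

Validating the callback closes the injection, but not the disclosure: JSONP exists to bypass the same-origin policy, so any page that embeds the script as `<script src=...>` still receives the decoded response, API key included. Data that requires authentication should not be reachable through a JSONP endpoint at all; an explicit CORS allow-list is the replacement.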
## 7.4
Score
Published March 30, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
tautulli
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-33428 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33428 [MEDIUM] CVE-2026-33428 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33428 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 4.9
Score
Published March 21, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and librari
Wiz
CVE-2025-66488 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2025-66488 [MEDIUM] CVE-2025-66488 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66488 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only run in the context of the S3/CDN domain, with no site credentials. Versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 fix the issue. As a workaround, disallow HTML and XML files for uploads in authorized_extensions. For existing HTML or XML uploads, site owners can consider deleting them.
Source : NVD
## 6.1
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Da
Wiz
CVE-2025-14322 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.0
CVE-2025-14322 [HIGH] CVE-2025-14322 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14322 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 8
Score
Published December 9, 2025
Severity HIGH
CNA Score 8.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-translations-common
MozillaFirefox-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HI
Wiz
CVE-2026-20429 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-20429 [MEDIUM] CVE-2026-20429 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20429 :
NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.
Source : NVD
## 4.4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Wiz
CVE-2026-27493 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.5
CVE-2026-27493 [CRITICAL] CVE-2026-27493 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27493 :
NixOS vulnerability analysis and mitigation
n8n-nodes-base.form
NODES_EXCLUDE
n8n-nodes-base.formTrigger
NODES_EXCLUDE
Source : NVD
## 9.5
Score
Published February 25, 2026
Severity CRITICAL
CNA Score 9.5
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 48.8
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 02, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 09, 2026
Wiz
CVE-2025-15411 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15411 [MEDIUM] CVE-2025-15411 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15411 :
NixOS vulnerability analysis and mitigation
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode in the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. The manipulation causes memory corruption. The attack can be launched on the local host. The exploit has been made available to the public and could be used for attacks. The project has no active maintainer at the moment; in a reply to the issue report, the researcher was asked to provide a PR themselves.
Source : NVD
## 4.8
Score
Published January 1, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA
Wiz
CVE-2026-27951 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-27951 [MEDIUM] CVE-2026-27951 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27951 :
NixOS vulnerability analysis and mitigation
Stream_EnsureCapacity
FreeRDP
>= SIZE_MAX
Source : NVD
## 7.5
Score
Published February 25, 2026
Severity HIGH
CNA Score 5.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp3
freerdp-libs
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity HIGH No Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11 Severity HIGH No Fix Added at: Mar 02, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity
Wiz
CVE-2025-48644 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-48644 [MEDIUM] CVE-2025-48644 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48644 :
NixOS vulnerability analysis and mitigation
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 5.5
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-34449 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2025-34449 [MEDIUM] CVE-2025-34449 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34449 :
NixOS vulnerability analysis and mitigation
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
Source : NVD
## 6.9
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
Wiz
CVE-2026-4699 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4699 [HIGH] CVE-2026-4699 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4699 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
MozillaFirefox-branding-upstream
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Adde
Wiz
CVE-2026-20970 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-20970 [MEDIUM] CVE-2026-20970 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20970 :
NixOS vulnerability analysis and mitigation
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Source : NVD
## 6.8
Score
Published January 9, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 19, 2026
Wiz
CVE-2026-0915 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-0915 [HIGH] CVE-2026-0915 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0915 :
NixOS vulnerability analysis and mitigation
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
Source : NVD
## 7.5
Score
Published January 15, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
glibc-langpack-cs
glibc-langpack-raj
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 20, 2026
AlmaL
Wiz
CVE-2025-65783 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-65783 [CRITICAL] CVE-2025-65783 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65783 :
NixOS vulnerability analysis and mitigation
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Source : NVD
## 9.8
Score
Published January 13, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
hub
Sources
NVD
Homebrew Severity CRITICAL No Fix Added at: Feb 08, 2026
Nix Severity CRITICAL No Fix Added at: Feb 08, 2026
Wiz
CVE-2026-33215 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33215 [MEDIUM] CVE-2026-33215 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33215 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.
Source : NVD
## 6.5
Score
Published March 24, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nats
nats-server-fips
Sources
NVD
Chainguard Has Fix
Wiz
CVE-2026-0047 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0047 [HIGH] CVE-2026-0047 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0047 :
NixOS vulnerability analysis and mitigation
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-23896 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-23896 [HIGH] CVE-2026-23896 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23896 :
NixOS vulnerability analysis and mitigation
immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue.
Source : NVD
## 8.8
Score
Published January 29, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
immich
Sources
NVD
Nix Severity HIGH Has Fix Added at: Mar 10, 2026
Wiz
CVE-2026-33663 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33663 [MEDIUM] CVE-2026-33663 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33663 :
NixOS vulnerability analysis and mitigation
global:member
httpBasicAuth
httpHeaderAuth
httpQueryAuth
slackApi
openAiApi
postgres
httpBasicAuth
httpHeaderAuth
httpQueryAuth
Source : NVD
## 8.5
Score
Published March 25, 2026
Severity HIGH
CNA Score 8.5
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 26, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-31963 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-31963 [HIGH] CVE-2026-31963 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31963 :
NixOS vulnerability analysis and mitigation
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it stores a location in an external reference sequence along with a list of differences to the reference at that location as a sequence of "features". When decoding these features, an out-by-one error in a test for CRAM features that appear beyond the extent of the CRAM record sequence could result in an invalid write of one attacker-controlled byte beyond the end of a heap buffer. Exploiting this bug causes a heap buffer overflow. If a
Wiz
CVE-2025-69194 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-69194 [HIGH] CVE-2025-69194 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69194 :
NixOS vulnerability analysis and mitigation
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
Source : NVD
## 9.8
Score
Published January 9, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
wget2-libs-debuginfo
wget2-debug
Wiz
CVE-2025-33246 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-33246 [HIGH] CVE-2025-33246 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33246 :
NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
Source : NVD
## 7.8
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: F
Wiz
CVE-2026-4713 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4713 [HIGH] CVE-2026-4713 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4713 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-translations-common
firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian
Wiz
CVE-2026-28799 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-28799 [HIGH] CVE-2026-28799 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28799 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
Source : NVD
## 8.7
Score
Published March 6, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pjsip
pjproject
Sources
NVD
Nix Severity HIGH Has Fix Added at: M
Wiz
CVE-2025-68945 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.8
CVE-2025-68945 [MEDIUM] CVE-2025-68945 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68945 :
NixOS vulnerability analysis and mitigation
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
Source : NVD
## 5.3
Score
Published December 26, 2025
Severity MEDIUM
CNA Score 5.8
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18 Severity MEDIUM No Fix Added at: Jan 01, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Homebrew Severity MEDIUM Has Fix Added at: Jan 01, 2026
Wiz
CVE-2026-33660 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33660 [MEDIUM] CVE-2026-33660 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33660 :
NixOS vulnerability analysis and mitigation
n8n-nodes-base.merge
NODES_EXCLUDE
Source : NVD
## 9.4
Score
Published March 25, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 26, 2026
Nix Severity HIGH Has Fix Added at: Apr 02, 2026
Wiz
CVE-2025-13281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.8
CVE-2025-13281 [MEDIUM] CVE-2025-13281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-13281 :
NixOS vulnerability analysis and mitigation
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Source : NVD
## 5.8
Score
Published December 14, 2025
Severity MEDIUM
CNA Score 5.8
Affected Technologies
NixOS
Kubernetes (Worker Node) - Workload Scan
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
blob-csi-fips-1.24
longhorn-m
Wiz
CVE-2026-23884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-23884 [HIGH] CVE-2026-23884 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23884 :
NixOS vulnerability analysis and mitigation
gdi->drawing
Source : NVD
## 7.7
Score
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 39.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
freerdp-debugsource
freerdp2
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Feb 11, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL Has Fix Added at: Jan 29, 2026
Alpine edge Severity CRITICAL Has Fix Added at: Jan 26, 2026
Wiz
CVE-2025-20802 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20802 [MEDIUM] CVE-2025-20802 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20802 :
NixOS vulnerability analysis and mitigation
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914.
Source : NVD
## 6.7
Score
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-33217 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33217 [MEDIUM] CVE-2026-33217 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33217 :
NixOS vulnerability analysis and mitigation
$MQTT.>
Source : NVD
## 6.5
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 7.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nats
nats-server-fips
Sources
NVD
Chainguard Has Fix Added at: Mar 26, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
GoLang Severity HIGH Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2026
MinimOS Severity MEDI
Wiz
CVE-2026-24677 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-24677 [HIGH] CVE-2026-24677 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24677 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in sws_scale. This vulnerability is fixed in 3.22.0.
Source : NVD
## 8.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libwinpr-devel
freerdp-plugins
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19,
Wiz
CVE-2025-15278 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-15278 [HIGH] CVE-2025-15278 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15278 :
NixOS vulnerability analysis and mitigation
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within XBM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27865.
Source : NVD
## 7.8
Score
Published December 31, 2025
Severity
Wiz
CVE-2026-2240 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2240 [MEDIUM] CVE-2026-2240 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2240 :
NixOS vulnerability analysis and mitigation
A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.
Source : NVD
## 4.8
Score
Published February 9, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-34450 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2025-34450 [MEDIUM] CVE-2025-34450 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34450 :
NixOS vulnerability analysis and mitigation
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
Source : NVD
## 6.9
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Wiz
CVE-2026-31885 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-31885 [MEDIUM] CVE-2026-31885 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31885 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.
Source : NVD
## 9.4
Score
Published March 13, 2026
Severity CRITICAL
CNA Score 6.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libwinpr-debuginfo
freerdp3
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity
Wiz
CVE-2026-24869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-24869 [HIGH] CVE-2026-24869 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24869 :
NixOS vulnerability analysis and mitigation
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2.
Source : NVD
## 8.8
Score
Published January 27, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH No Fix Added at: Jan 30, 2026
Homebrew Severity HIGH Has Fix Added at: Feb 02, 2026
Nix Severity HIGH Has Fix Added at: Feb 0
Wiz
CVE-2025-68662 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.6
CVE-2025-68662 [HIGH] CVE-2025-68662 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68662 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
Source : NVD
## 9.9
Score
Published January 28, 2026
Severity CRITICAL
CNA Score 7.6
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Wiz
CVE-2026-22858 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.6
CVE-2026-22858 [MEDIUM] CVE-2026-22858 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22858 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
Source : NVD
## 5.6
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 5.6
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Wiz
CVE-2026-24881 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-24881 [HIGH] CVE-2026-24881 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24881 :
NixOS vulnerability analysis and mitigation
In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.
Source : NVD
## 9.8
Score
Published January 27, 2026
Severity CRITICAL
CNA Score 8.1
Affected Technologies
NixOS
GNU Privacy Guard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 42.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:gpg4win:gpg4win
gnupg
Wiz
CVE-2026-2038 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2038 [CRITICAL] CVE-2026-2038 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2038 :
NixOS vulnerability analysis and mitigation
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.
Source : NVD
## 9.8
Score
Published February 20, 2026
Severity CRITICAL
CNA Score 7.3
Affected Technologies
NixOS
Homebrew
Wiz
CVE-2025-20781 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20781 [HIGH] CVE-2025-20781 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20781 :
NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-21858 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-21858 [CRITICAL] CVE-2026-21858 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21858 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
Source : NVD
## 10
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 10.0
High-profile Vulnerability Yes
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-33205 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33205 [MEDIUM] CVE-2026-33205 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33205 :
NixOS vulnerability analysis and mitigation
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue.
Source : NVD
## 4.8
Score
Published March 27, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-27498 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.0
CVE-2026-27498 [CRITICAL] CVE-2026-27498 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27498 :
NixOS vulnerability analysis and mitigation
n8n-nodes-base.readWriteFile
NODES_EXCLUDE
Source : NVD
## 9
Score
Published February 25, 2026
Severity CRITICAL
CNA Score 9.0
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 66.4
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 02, 2026
Nix Severity HIGH Has Fix Added at: Mar 04, 2026
Wiz
CVE-2025-14332 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-14332 [HIGH] CVE-2025-14332 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14332 :
NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146 and Thunderbird < 146.
Source : NVD
## 7.3
Score
Published December 9, 2025
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity HIGH Has F
Wiz
CVE-2025-14928 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14928 [HIGH] CVE-2025-14928 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14928 :
NixOS vulnerability analysis and mitigation
Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific flaw exists within the convert_config function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28253.
Source : NVD
## 7.8
Score
Published December 23, 2025
Severity HIGH
CNA Score 7.8
Wiz
CVE-2026-20428 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20428 [MEDIUM] CVE-2026-20428 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20428 :
NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.
Source : NVD
## 6.7
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-29075 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-29075 [HIGH] CVE-2026-29075 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29075 :
NixOS vulnerability analysis and mitigation
Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commit c35b8cd.
Source : NVD
## 9.8
Score
Published March 6, 2026
Severity CRITICAL
CNA Score 8.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mesa
Sources
NVD
Homebrew Severity CRITICAL No Fix Added at: Mar 12, 2026
Wiz
CVE-2026-27468 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-27468 [MEDIUM] CVE-2026-27468 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27468 :
NixOS vulnerability analysis and mitigation
EXPERIMENTAL_FEATURES
fasp
fasp
fasp
Source: NVD
Score 4.8
Published February 24, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Mastodon
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mastodon
cpe:2.3:a:joinmastodon:mastodon
Sources
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Linux Severity HIGH Has Fix Added at: Mar 02, 2026
Linux Severity HIGH Has Fix Added at: Mar 03, 2026
## CVE-2026-2921: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-2921 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 7.8 · HIGH
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of palette data in AVI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28854.
Source: NVD
Score 7.8
Published March 16, 2026
Severity HIGH
CNA Sco
## CVE-2026-33987: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-33987 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.1 · MEDIUM
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.
Source: NVD
Score 6.6
Published March 30, 2026
Severity MEDIUM
CNA Score 7.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-server-debuginfo
libwinpr
Source
## CVE-2025-61147: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-61147 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 6.2 · MEDIUM
strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
Source: NVD
Score 6.2
Published February 23, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libde265-devel
libde265
Sources
NVD
Debian 11, 12, 13 Severity LOW No Fix Added at: Feb 24, 2026
Debian 14 Severity LOW Has Fix Added at: Feb 24, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 24, 2026
Homebrew Severity MEDIUM Has Fi
## CVE-2025-57784: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-57784 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 3.3 · LOW
strcmp
Source: NVD
Score 3.3
Published January 26, 2026
Severity LOW
CNA Score 4.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
hiawatha
Sources
NVD
Nix Severity LOW No Fix Added at: Feb 20, 2026
## Related NixOS vulnerabilities:
| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-4370 | CRITICAL | 10 | NixOS | juju | N | | |
## CVE-2025-61643: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-61643 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 2.7 · LOW
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source: NVD
Score 2.7
Published February 3, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Oct 03, 2025
Echo Severity MEDIUM Has Fix Added at: Nov 18, 2025
Nix Severit
## CVE-2025-20783: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-20783 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 6.7 · MEDIUM
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
Source: NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
## CVE-2026-25052: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-25052 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.4 · CRITICAL
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.
Source: NVD
Score 9.4
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
## CVE-2026-29774: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-29774 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.3 · MEDIUM
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect->left, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left grea
## CVE-2026-2807: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-2807 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.8 · CRITICAL
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:thunderbird
firefox
Sources
Homebrew Severity CRITICAL Has Fix Added at:
## CVE-2026-2772: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-2772 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.8 · CRITICAL
Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox-debuginfo
firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL
## CVE-2026-26004: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-26004 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.7 · MEDIUM
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.
Source: NVD
Score 5.7
Published March 18, 2026
Severity MEDIUM
CNA Score 5.7
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sentry
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 24, 2026
## CVE-2025-70298: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-70298 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 8.2 · HIGH
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
Source: NVD
Score 8.2
Published January 15, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Jan 18, 2026
Homebrew Severity HIGH No Fix Added at: Jan 26, 2026
Nix Severity HIGH No Fix Added at: Jan 26, 2026
## CVE-2026-30795: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-30795 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 8.7 · HIGH
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password).
This issue affects RustDesk Client: through 1.4.5.
Source: NVD
Score 8.7
Published March 5, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
A
## CVE-2026-25122: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-25122 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.5 · MEDIUM
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion (availability impact). The Split function reads the first tar header, then drains the remainder of the gzip stream by reading from the gzip reader directly without any maximum uncompressed byte limit or inflate-ratio cap. A caller that parses attacker-controlled APK streams may be forced to spend excessive CPU time inflating gzip data, leading to timeouts or process slowdown. T
## CVE-2026-26955: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-26955 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 8.8 · HIGH
xfreerdp
gdi_SurfaceCommand_ClearCodec()
is_within_surface()
cmd->left
cmd->top
surface->data
gdiGfxSurface
codecs*
NSC_CONTEXT.decode
nsc.c:500
Source: NVD
Score 8.8
Published February 25, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libfreerdp2-2
libwinpr-debuginfo
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Apr 05, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17,
## CVE-2026-25056: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-25056 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.4 · CRITICAL
n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.
Source: NVD
Score 9.4
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 37.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
n8n
Sources
## CVE-2026-2805: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-2805 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.8 · CRITICAL
Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
cpe:2.3:a:mozilla:firefox
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITICAL Has Fix Added at
## CVE-2026-1172: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-1172 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.5 · MEDIUM
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
Score 5.5
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.9
Exploitation Probability (EPSS) 0.1
A
## CVE-2026-23732: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-23732 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.5 · MEDIUM
cbData
cx/cy
Source: NVD
Score 5.5
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
winpr-devel
freerdp-proxy-plugins
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity HIGH Has Fix Added at: Jan 29, 2026
Alpine edge Severity HIGH Has Fix Added at: Jan 26, 2026
Chainguard Has Fix Added at: Jan 21, 2026
Debian 11 Severity HIGH
## CVE-2026-4371: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-4371 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 7.5 · HIGH
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Source: NVD
Score 7.4
Published March 24, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Mozilla Thunderbird
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
Mo
## CVE-2026-22213: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-22213 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 2.4 · LOW
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.
Source: NVD
Score 2.4
Published January 12, 2026
Severity LOW
CNA Score 2.4
Affected Technologies
N
## CVE-2025-70303: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-70303 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.5 · MEDIUM
A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Source: NVD
Score 5.5
Published January 15, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 26, 2026
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
## CVE-2026-25631: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-25631 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.3 · MEDIUM
n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only affects users who have credentials that use wildcard domain patterns (e.g., *.example.com) in the "Allowed domains" setting. This issue is fixed in version 1.121.0 and later.
Source: NVD
Score 5.3
Published February 6, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Perce
## CVE-2026-33411: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-33411 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.1 · MEDIUM
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.
Source: NVD
Score 5.4
Published March 20, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected pack
## CVE-2025-14422: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-14422 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 7.8 · HIGH
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
Source: NVD
Score 7.8
Published December 23, 2025
Severity HIGH
CNA Score 7.8
Affected T
## CVE-2025-68668: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2025-68668 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.9 · CRITICAL
n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds for this issue involve disabling the Code Node by setting the environment variable NODES_EXCLUDE: "["n8n-nodes-base.code"]", disabling Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0, and configuring n8n to use
## CVE-2026-2790: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-2790 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.8 · CRITICAL
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox
MozillaFirefox-devel
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix
## CVE-2026-30793: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-30793 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 9.3 · CRITICAL
Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart, src/flutter_ffi.Rs and program routines URI handler for rustdesk://password/, bind.MainSetPermanentPassword().
This issue affects RustDesk Client: through 1.4.5.
Source: NVD
Score 9.3
Published March 5, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8
Ex
## CVE-2026-27800: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-27800 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 7.4 · HIGH
extract_zip()
crates/util/src/archive.rs
../
Source: NVD
Score 7.4
Published February 26, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zed
Sources
NVD
Chainguard Has Fix Added at: Mar 02, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 04, 2026
Nix Severity HIGH Has Fix Added at: Mar 04, 2026
Wolfi Has Fix Added at: Mar 02, 2026
## CVE-2026-27111: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-27111 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.3 · MEDIUM
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions, enabling fine-grained access control over what is often a sensitive operation. The promote verb is correctly enforced in Kargo's legacy gRPC API. However, three endpoints in the newer REST API omit this check, relying only on standard Kubernetes RBAC for the underlying resource operations (patch on freights/status or create on promotions). This permits u
## CVE-2026-27740: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-27740 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.1 · MEDIUM
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model (LLM) and renders it using htmlSafe in the Review Queue interface without adequate sanitization. A malicious attacker can use valid Prompt Injection techniques to force the AI to return a malicious payload (e.g., tags). When a Staff member (Admin/Moderator) views the flagged post in the Review Queue, the payload executes. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, temporarily disable AI triage automation scripts.
Source: NVD
Score 5.1
Publish
## CVE-2026-32229: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-32229 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.1 · MEDIUM
In JetBrains Hub before 2026.1, an account mismatch on sign-in was possible with non-SSO authentication and 2FA disabled.
Source: NVD
Score 6.8
Published March 11, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
JetBrains Hub
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
hub
cpe:2.3:a:jetbrains:hub
Sources
Homebrew Severity MEDIUM Has Fix Added at: Apr 05, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Windows Severity MEDIUM Has Fix Added at: Mar 19, 2026
Windows Severity MEDIUM Has Fix Added at: Apr 05, 2026
## CVE-2026-22855: NixOS vulnerability analysis and mitigation
Wiz, "CVE-2026-22855 Impact, Exploitability, and Mitigation Steps" · blogs_wiz · CVSS 5.6 · MEDIUM
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
Source: NVD
Score 5.6
Published January 14, 2026
Severity MEDIUM
CNA Score 5.6
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-server-debuginfo
freerdp
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 02, 2026
AlmaLinux 9 Severity HIGH Ha
Wiz
CVE-2026-22693 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-22693 [MEDIUM] CVE-2026-22693 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22693 :
NixOS vulnerability analysis and mitigation
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.
Source : NVD
## 5.3
Score
Publish
Wiz
CVE-2026-0013 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0013 [HIGH] CVE-2026-0013 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0013 :
NixOS vulnerability analysis and mitigation
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-31968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-31968 [HIGH] CVE-2026-31968 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31968 :
NixOS vulnerability analysis and mitigation
VARINT
CONST
Source : NVD
## 8.8
Score
Published March 18, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-4689 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-4689 [CRITICAL] CVE-2026-4689 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4689 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 10
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox
MozillaFirefox-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added
Wiz
CVE-2026-21893 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.4
CVE-2026-21893 [CRITICAL] CVE-2026-21893 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21893 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.
Source : NVD
## 9.4
Score
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 48.7
Exploitation Probability (EPSS) 0.3
Wiz
CVE-2026-23531 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-23531 [HIGH] CVE-2026-23531 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23531 :
NixOS vulnerability analysis and mitigation
glyphData
clear_decompress
freerdp_image_copy_no_overlap
Source : NVD
## 7.7
Score
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 33.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-server
libfreerdp2-2
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Feb 11, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL Has Fix Added at: Jan 29, 2026
Alpine edge Severity CR
Wiz
CVE-2026-29064 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-29064 [HIGH] CVE-2026-29064 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29064 :
NixOS vulnerability analysis and mitigation
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. This issue has been patched in version 0.73.1.
Source : NVD
## 8.2
Score
Published March 6, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
github.com/zar
Wiz
CVE-2026-1386 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.0
CVE-2026-1386 [MEDIUM] CVE-2026-1386 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1386 :
NixOS vulnerability analysis and mitigation
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges.
To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Source : NVD
## 6
Score
Published January 23, 2026
Severity MEDIUM
CNA Score 6.0
Affected Technologies
NixOS
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.9
Wiz
CVE-2026-20435 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2026-20435 [MEDIUM] CVE-2026-20435 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20435 :
NixOS vulnerability analysis and mitigation
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
Source : NVD
## 4.6
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zephyr
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: M
Wiz
CVE-2026-29976 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-29976 [MEDIUM] CVE-2026-29976 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29976 :
NixOS vulnerability analysis and mitigation
Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function.
Source : NVD
## 6.2
Score
Published March 26, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
hcxtools
Sources
NVD
Homebrew Severity MEDIUM No Fix Added at: Apr 05, 2026
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2026-26203 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-26203 [MEDIUM] CVE-2026-26203 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26203 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue.
Source : NVD
## 5.1
Score
Published February 19, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Wiz
CVE-2026-26123 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-26123 [MEDIUM] CVE-2026-26123 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26123 :
NixOS vulnerability analysis and mitigation
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
Source : NVD
## 5.5
Score
Published March 10, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
authenticator
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 16, 2026
Wiz
CVE-2026-33069 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33069 [MEDIUM] CVE-2026-33069 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33069 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.
Source : NVD
## 6.9
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-14714 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 0.9
CVE-2025-14714 [LOW] CVE-2025-14714 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14714 :
NixOS vulnerability analysis and mitigation
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle.
By executing the bundled interpreter directly, the attacker's scripts run with the application's TCC privileges.
In fixed versions, parent-constraints are used to allow only the main application to launch the interpreter with those permissions.
This issue affects LibreOffice on macOS: from 25.2 before < 25.2.4.
Source : NVD
## 0.9
Score
Published December 15, 2025
Severity LOW
CNA Score 0.9
Affected Technologies
NixOS
LibreOffice
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date
Wiz
CVE-2025-67713 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-67713 [MEDIUM] CVE-2025-67713 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67713 :
NixOS vulnerability analysis and mitigation
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
Source : NVD
## 5.3
Score
Published December 11, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
miniflux.app
miniflux
Wiz
CVE-2025-64012 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-64012 [MEDIUM] CVE-2025-64012 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-64012 :
NixOS vulnerability analysis and mitigation
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.
Source : NVD
## 4.3
Score
Published December 16, 2025
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
invoiceplane
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Dec 31, 2025
Wiz
CVE-2026-0007 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2026-0007 [HIGH] CVE-2026-0007 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0007 :
NixOS vulnerability analysis and mitigation
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.6
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-4721 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-4721 [CRITICAL] CVE-2026-4721 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4721 :
NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-14926 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14926 [HIGH] CVE-2025-14926 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14926 :
NixOS vulnerability analysis and mitigation
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific flaw exists within the convert_config function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28251.
Source : NVD
## 7.8
Score
Published December 23, 2025
Severity HIGH
CNA Score 7.8
Wiz
CVE-2026-20426 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20426 [MEDIUM] CVE-2026-20426 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20426 :
NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.
Source : NVD
## 6.7
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-4709 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4709 [HIGH] CVE-2026-4709 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4709 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-devel
MozillaThunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Adde
Wiz
CVE-2025-15275 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15275 [HIGH] CVE-2025-15275 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15275 :
NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28543.
Source : NVD
## 8.8
Score
Published December 31, 2025
Severity HIGH
CNA Score 8.8
Wiz
CVE-2026-0890 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2026-0890 [MEDIUM] CVE-2026-0890 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0890 :
NixOS vulnerability analysis and mitigation
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 5.4
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
rhel10::thunderbird-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14
Wiz
CVE-2026-2779 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2779 [CRITICAL] CVE-2026-2779 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2779 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-devel
firefox-esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix
Wiz
CVE-2026-33986 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33986 [MEDIUM] CVE-2026-33986 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33986 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2.
Source : NVD
## 7.5
Score
Published March 30, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-libs-debuginfo
Wiz
CVE-2026-1171 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-1171 [MEDIUM] CVE-2026-1171 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1171 :
NixOS vulnerability analysis and mitigation
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 5.5
Score
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
prime
Wiz
CVE-2026-29785 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-29785 [HIGH] CVE-2026-29785 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29785 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not default), then anyone who can connect can crash the nats-server by triggering a panic. This happens pre-authentication and requires that compression be enabled (which it is, by default, when leafnodes are used). Versions 2.11.14 and 2.12.5 contain a fix. As a workaround, disable compression on the leafnode port.
Source : NVD
## 7.5
Score
Published March 25, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-14924 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14924 [HIGH] CVE-2025-14924 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14924 :
NixOS vulnerability analysis and mitigation
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27984.
Source : NVD
## 7.8
Score
Published December 23, 2
Wiz
CVE-2025-61639 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.7
CVE-2025-61639 [LOW] CVE-2025-61639 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61639 :
NixOS vulnerability analysis and mitigation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
## 1.7
Score
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Wiz
CVE-2026-0878 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.0
CVE-2026-0878 [HIGH] CVE-2026-0878 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0878 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 8
Score
Published January 13, 2026
Severity HIGH
CNA Score 8.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:thunderbird
thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 1
Wiz
CVE-2026-1416 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-1416 [MEDIUM] CVE-2026-1416 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1416 :
NixOS vulnerability analysis and mitigation
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
Source : NVD
## 4.8
Score
Published January 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-15533 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15533 [MEDIUM] CVE-2025-15533 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15533 :
NixOS vulnerability analysis and mitigation
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called 5a3391fdce046bc5473e52afbd835dd2dc127146. Applying a patch is advised to resolve this issue.
Source : NVD
## 4.8
Score
Published January 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Wiz
CVE-2026-34352 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34352 [MEDIUM] CVE-2026-34352 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34352 :
NixOS vulnerability analysis and mitigation
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Source : NVD
## 9.8
Score
Published March 26, 2026
Severity CRITICAL
CNA Score 8.5
Affected Technologies
NixOS
TigerVNC
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tigervnc
tigervnc-icons
Sources
Debian 11, 12, 13, 14 Severity CRITICAL No Fix Added at: Mar 29, 2026
Echo Severity CRITICAL No Fix Added at: Mar 29, 2026
Homebrew Severity CRITICAL Has Fix Added at: A
Wiz
CVE-2025-15276 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-15276 [HIGH] CVE-2025-15276 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15276 :
NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28198.
Source : NVD
Score 7.8
Published December 31, 2025
Severity HIGH
CNA Score 7
Wiz
CVE-2026-26078 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 · HIGH
## CVE-2026-26078: NixOS vulnerability analysis and mitigation
patreon_webhook_secret
Source : NVD
Score 7.5
Published February 26, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity HIGH No Fix Added at: Mar 03, 2026
Linux Severity HIGH Has Fix Added at: Mar 02, 2026
Linux Severity HIGH Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-25594 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8 · MEDIUM
## CVE-2026-25594: NixOS vulnerability analysis and mitigation
family_name
Source : NVD
Score 4.8
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
invoiceplane
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
CVE-2025-58929 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2 · HIGH
## CVE-2025-58929: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry allows PHP Local File Inclusion. This issue affects Pantry: from n/a through <= 1.4.
Source : NVD
Score 8.2
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pantry
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 06, 2026
Wiz
CVE-2026-27496 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 · HIGH
## CVE-2026-27496: NixOS vulnerability analysis and mitigation
N8N_RUNNERS_ENABLED=true
N8N_RUNNERS_MODE=external
Source : NVD
Score 7.1
Published March 25, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 26, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
Wiz
CVE-2025-14424 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8 · HIGH
## CVE-2025-14424: NixOS vulnerability analysis and mitigation
GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28376.
Source : NVD
Score 7.8
Published December 23, 2025
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Wiz
CVE-2026-2792 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8 · CRITICAL
## CVE-2026-2792: NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
rhel10
Wiz
CVE-2025-56422 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8 · CRITICAL
## CVE-2025-56422: NixOS vulnerability analysis and mitigation
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
Source : NVD
Score 9.8
Published March 10, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 39.1
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
limesurvey
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Mar 22, 2026
Wiz
CVE-2026-3083 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8 · HIGH
## CVE-2026-3083: NixOS vulnerability analysis and mitigation
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28850.
Source : NVD
Score 8.8
Published March 16, 2026
Wiz
CVE-2026-33164 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 · MEDIUM
## CVE-2026-33164: NixOS vulnerability analysis and mitigation
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.
Source : NVD
Score 8.7
Published March 20, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libde265
Sources
NVD
Debian 11, 12, 13 Severity HIGH No Fix Added at: Mar 21, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 21, 2026
Wiz
CVE-2026-33713 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 · MEDIUM
## CVE-2026-33713: NixOS vulnerability analysis and mitigation
n8n-nodes-base.dataTable
NODES_EXCLUDE
orderByColumn
Source : NVD
Score 8.7
Published March 25, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Mar 29, 2026
Wiz
CVE-2026-24679 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7 · HIGH
## CVE-2026-24679: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Source : NVD
Score 8.7
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-sdl
libfreerdp3-3
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Wiz
CVE-2025-68946 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4 · MEDIUM
## CVE-2025-68946: NixOS vulnerability analysis and mitigation
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
Source : NVD
Score 5.4
Published December 26, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18 Severity MEDIUM No Fix Added at: Jan 01, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Homebrew Severity MEDIUM Has Fix Added at: Jan
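The Gitea entry above is a scheme-based XSS: a link whose href starts with `javascript:` (or a case or whitespace variant of it) runs script when clicked. The usual defence is an allowlist of link schemes applied to the decoded attribute value, after the same normalisation a browser performs before it recognises a scheme. The following is an added Go example of that check; it is not Gitea's code and does not reproduce Gitea's fix. The `SafeHref` function and the three-scheme allowlist are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedSchemes is the allowlist; anything else (javascript:, data:, vbscript:, ...) is refused.
// Allowlisting beats denylisting because browsers accept many spellings of a dangerous scheme.
var allowedSchemes = map[string]bool{"http": true, "https": true, "mailto": true}

// SafeHref returns the href to emit and true, or "" and false when the link must be dropped.
// It normalises the value the way a browser does before scheme detection: leading and
// trailing control characters and spaces are stripped, and tab, CR and LF are removed
// anywhere in the string (so "java\tscript:" is seen as "javascript:").
func SafeHref(raw string) (string, bool) {
	s := strings.TrimFunc(raw, func(r rune) bool { return r <= ' ' })
	s = strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' || r == '\r' {
			return -1
		}
		return r
	}, s)
	u, err := url.Parse(s)
	if err != nil {
		// Unparseable input (control characters, colon in a schemeless first segment) is dropped.
		return "", false
	}
	scheme := strings.ToLower(u.Scheme)
	if scheme == "" {
		// Relative path, protocol-relative URL or fragment: no scheme to abuse.
		return s, true
	}
	if allowedSchemes[scheme] {
		return s, true
	}
	return "", false
}

func main() {
	// Constructed inputs covering the plain, mixed-case, padded and tab-split spellings.
	for _, in := range []string{
		"https://gitea.io", "/user/repo", "#readme", "mailto:security@example.org",
		"javascript:alert(1)", " JaVaScRiPt:alert(1)", "java\tscript:alert(1)", "data:text/html,x",
	} {
		href, ok := SafeHref(in)
		fmt.Printf("%-26q -> ok=%-5v href=%q\n", in, ok, href)
	}
}
```

Run the check on the attribute value after HTML entity decoding; a sanitiser that sees `javascript&colon;` before decoding will let the link through.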
Wiz
CVE-2026-27150 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3 · LOW
## CVE-2026-27150: NixOS vulnerability analysis and mitigation
validate_before_create
QueryGroupBookmarkable
Source : NVD
Score 1.3
Published February 26, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-0015 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2 · MEDIUM
## CVE-2026-0015: NixOS vulnerability analysis and mitigation
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 6.2
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-0998 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3 · MEDIUM
## CVE-2026-0998: NixOS vulnerability analysis and mitigation
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <= 1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint, which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via direct API calls with manipulated user IDs and post data. Mattermost Advisory ID: MMSA-2025-00534
Source : NVD
Score 4.3
Published February 16, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.5
Exploitation Probability (EPSS) N/A
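The Mattermost Zoom plugin entry above describes a missing identity and ownership check: the handler acts on a `user_id` and `post_id` taken from the request body. The added Go example below shows the pattern side by side, a handler that trusts the body and one that derives identity from the already-authenticated session and checks that the caller owns the post before changing it. This is illustration, not the plugin's code or its fix; the `Post` type, the in-memory `Store`, the `X-Example-Session-User` header standing in for a session lookup, and the JSON field names are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Post is a minimal stand-in for a channel post (constructed for the example).
type Post struct {
	ID      string
	UserID  string // owner
	Message string
}

// Store is an in-memory post table so the handlers run offline.
type Store map[string]*Post

func newStore() Store {
	return Store{"p1": {ID: "p1", UserID: "alice", Message: "original"}}
}

// askPMIRequest: the caller controls every field, including user_id and post_id.
type askPMIRequest struct {
	UserID  string `json:"user_id"`
	PostID  string `json:"post_id"`
	Message string `json:"message"`
}

// sessionUser returns the identity the server authenticated. A header stands in for the
// real session lookup here (assumption for the example).
func sessionUser(r *http.Request) string { return r.Header.Get("X-Example-Session-User") }

// vulnerableAskPMI trusts user_id from the body and overwrites whichever post_id is named.
func vulnerableAskPMI(store Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req askPMIRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		p, ok := store[req.PostID]
		if !ok {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		p.Message = req.Message // no check that req.UserID is the caller or owns p
		w.WriteHeader(http.StatusOK)
	}
}

// hardenedAskPMI derives identity from the session, refuses a body user_id that does not
// match it, and checks that the caller owns the post before mutating it.
func hardenedAskPMI(store Store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		uid := sessionUser(r)
		if uid == "" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var req askPMIRequest
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 64<<10)).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		if req.UserID != "" && req.UserID != uid {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		p, ok := store[req.PostID]
		if !ok {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		if p.UserID != uid {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		p.Message = req.Message
		w.WriteHeader(http.StatusOK)
	}
}

// call drives a handler in-process and returns the HTTP status code.
func call(h http.HandlerFunc, sessionUID, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/v1/askPMI", strings.NewReader(body))
	req.Header.Set("X-Example-Session-User", sessionUID)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	// Constructed request: mallory names alice's user_id and alice's post.
	attack := `{"user_id":"alice","post_id":"p1","message":"overwritten by mallory"}`
	s := newStore()
	fmt.Println("vulnerable:", call(vulnerableAskPMI(s), "mallory", attack), s["p1"].Message)
	s = newStore()
	fmt.Println("hardened:  ", call(hardenedAskPMI(s), "mallory", attack), s["p1"].Message)
}
```

The important line is the one that is missing in the vulnerable handler: identity comes from the session, never from the request body, and the body's `user_id` is at most compared against it.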
Wiz
CVE-2025-69289 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 · MEDIUM
## CVE-2025-69289: NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, ensure moderators are trusted or enable the "require_change_email_confirmation" setting.
Source : NVD
Score 5.1
Published January 28, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Wiz
CVE-2026-33481 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3 · MEDIUM
## CVE-2026-33481: NixOS vulnerability analysis and mitigation
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those archives into temporary storage then inspect the unpacked contents. Under normal operation Syft will remove the temporary data it writes after completing a scan. This vulnerability would affect users of Syft that were scanning content that could cause Syft to fill the temporary storage that would then cause Syft to raise an error and exit. When the error is triggered Syft would exit without properly removing the temporary files in
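The Syft entry above is an incomplete-cleanup bug: the temporary directory is removed on the success path only, so an error raised mid-unpack (here, exhausted storage) leaves it behind. The added Go example below contrasts that shape with the idiomatic fix, registering the removal with `defer` immediately after the directory is created so every exit path runs it. This is illustration, not Syft's code or its patch; the `unpacker` type, the `fillThenFail` stand-in that reports `ENOSPC`, and the function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// unpacker stands in for the archive extractor: it writes entries under dir and returns
// an error when the scan cannot continue (constructed interface for the example).
type unpacker func(dir string) error

// fillThenFail writes one entry and then reports that temporary storage is exhausted,
// the failure condition the advisory describes.
func fillThenFail(dir string) error {
	if err := os.WriteFile(filepath.Join(dir, "entry.bin"), []byte("partial archive contents"), 0o600); err != nil {
		return err
	}
	return fmt.Errorf("unpack %s: %w", dir, syscall.ENOSPC)
}

// leakyScan models the pre-fix behaviour: the directory is removed only on the success
// path, so the early return on error leaves it on disk.
func leakyScan(unpack unpacker) (string, error) {
	tmp, err := os.MkdirTemp("", "scan-leaky-")
	if err != nil {
		return "", err
	}
	if err := unpack(tmp); err != nil {
		return tmp, err // bug: tmp is never removed
	}
	// ... inspect the unpacked tree here ...
	return tmp, os.RemoveAll(tmp)
}

// safeScan registers the cleanup with defer right after creating the directory, so every
// exit path, error or not, removes it. A removal failure is reported only if nothing else
// failed, so the original error is never masked.
func safeScan(unpack unpacker) (tmp string, err error) {
	tmp, err = os.MkdirTemp("", "scan-safe-")
	if err != nil {
		return "", err
	}
	defer func() {
		if rmErr := os.RemoveAll(tmp); rmErr != nil && err == nil {
			err = rmErr
		}
	}()
	if err = unpack(tmp); err != nil {
		return tmp, err
	}
	// ... inspect the unpacked tree here ...
	return tmp, nil
}

// dirExists reports whether the temporary directory is still on disk.
func dirExists(p string) bool {
	_, err := os.Stat(p)
	return err == nil
}

func main() {
	tmp, err := leakyScan(fillThenFail)
	fmt.Printf("leaky: err=%v, dir left behind=%v\n", err, dirExists(tmp))
	_ = os.RemoveAll(tmp) // tidy up the demonstration's own leak
	tmp, err = safeScan(fillThenFail)
	fmt.Printf("safe:  err=%v (ENOSPC=%v), dir left behind=%v\n", err, errors.Is(err, syscall.ENOSPC), dirExists(tmp))
}
```

A `defer` placed before the first possible error return is the whole fix; a cleanup call at the end of the function is reached only when nothing in between fails.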
Wiz
CVE-2026-4724 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1 · MEDIUM
## CVE-2026-4724: NixOS vulnerability analysis and mitigation
Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 9.1
Published March 24, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 29, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 29, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 29, 2026
Wiz
CVE-2025-48578 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8 · HIGH
## CVE-2025-48578: NixOS vulnerability analysis and mitigation
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source : NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-68613 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9 · CRITICAL
## CVE-2025-68613: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system
Wiz
CVE-2026-4696 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 · HIGH
## CVE-2026-4696: NixOS vulnerability analysis and mitigation
Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak.src
MozillaFirefox-branding-upstream
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-33977 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9 · MEDIUM
## CVE-2026-33977: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into an 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.
Source : NVD
Score 6.9
Published March 30, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
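Both FreeRDP entries on this page (CVE-2026-24679, server-supplied USB interface numbers; CVE-2026-33977, the IMA ADPCM step index) are the same bug class: a value read off the wire is used as an array index before it is range-checked. The added Go example below is a small IMA ADPCM block decoder that performs the check the ADPCM entry describes, rejecting an initial step index of 89 or more with an error instead of indexing past the 89-entry step table. It is written for this page and is not FreeRDP's code (FreeRDP is C); the step and index tables are the standard IMA ADPCM ones, while the 4-byte block header layout (2-byte little-endian predictor, 1-byte step index, 1 reserved byte) is the common WAV framing and is an assumption here, not RDPSND's exact wire format.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Standard IMA ADPCM step-size table: exactly 89 entries, so any index >= 89 is out of range.
var stepTable = [89]int32{
	7, 8, 9, 10, 11, 12, 13, 14, 16, 17,
	19, 21, 23, 25, 28, 31, 34, 37, 41, 45,
	50, 55, 60, 66, 73, 80, 88, 97, 107, 118,
	130, 143, 157, 173, 190, 209, 230, 253, 279, 307,
	337, 371, 408, 449, 494, 544, 598, 658, 724, 796,
	876, 963, 1060, 1166, 1282, 1411, 1552, 1707, 1878, 2066,
	2272, 2499, 2749, 3024, 3327, 3660, 4026, 4428, 4871, 5358,
	5894, 6484, 7132, 7845, 8630, 9493, 10442, 11487, 12635, 13899,
	15289, 16818, 18500, 20350, 22385, 24623, 27086, 29794, 32767,
}

// Standard IMA ADPCM index adjustment table, one entry per 4-bit code.
var indexTable = [16]int8{-1, -1, -1, -1, 2, 4, 6, 8, -1, -1, -1, -1, 2, 4, 6, 8}

var errBadStepIndex = errors.New("ima adpcm: initial step index out of range")

// decodeBlock parses one block: 2-byte little-endian predictor, 1-byte step index,
// 1 reserved byte, then 4-bit codes (low nibble first). The step index comes from the
// peer, so it is validated before it touches stepTable; skipping that check is the
// out-of-range read that aborts a client.
func decodeBlock(block []byte) ([]int16, error) {
	if len(block) < 4 {
		return nil, errors.New("ima adpcm: block too short")
	}
	predictor := int32(int16(binary.LittleEndian.Uint16(block[0:2])))
	index := int(block[2])
	if index >= len(stepTable) {
		return nil, fmt.Errorf("%w: %d", errBadStepIndex, index)
	}
	out := make([]int16, 0, 2*(len(block)-4))
	for _, b := range block[4:] {
		for _, code := range [2]byte{b & 0x0F, b >> 4} {
			step := stepTable[index]
			diff := step >> 3
			if code&4 != 0 {
				diff += step
			}
			if code&2 != 0 {
				diff += step >> 1
			}
			if code&1 != 0 {
				diff += step >> 2
			}
			if code&8 != 0 {
				predictor -= diff
			} else {
				predictor += diff
			}
			if predictor > 32767 {
				predictor = 32767
			} else if predictor < -32768 {
				predictor = -32768
			}
			out = append(out, int16(predictor))
			// The running index is clamped after every sample, so only the initial value
			// from the header can ever be out of range.
			index += int(indexTable[code])
			if index < 0 {
				index = 0
			} else if index > 88 {
				index = 88
			}
		}
	}
	return out, nil
}

func main() {
	// Constructed blocks: a valid one (step index 0) and one carrying the invalid index 89.
	good := []byte{0x00, 0x00, 0, 0x00, 0x10}
	bad := []byte{0x00, 0x00, 89, 0x00, 0x10}
	s, err := decodeBlock(good)
	fmt.Println("good:", s, err)
	s, err = decodeBlock(bad)
	fmt.Println("bad: ", s, err)
}
```

The same shape applies to the URBDRC case: compare the server-supplied interface number against the number of interfaces actually enumerated before using it as an index, and treat a failure as a protocol error from an untrusted peer rather than an assertion.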
Wiz
CVE-2026-24746 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.7 · MEDIUM
## CVE-2026-24746: NixOS vulnerability analysis and mitigation
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the application does not validate user input at the quote_number parameter. Although administrator privileges are required to exploit it, this is still considered a critical vulnerability as it can cause actions such as unauthorized modification of application data, creation of persistent backdoors through stored malicious scripts, and full compromise of the application's integrity. Version 1.7.1 patches the issue.
Source : NVD
Score 7.5
Published February 18, 2026
Wiz
CVE-2026-20437 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4 · MEDIUM
## CVE-2026-20437: NixOS vulnerability analysis and mitigation
In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.
Source : NVD
Score 4.4
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-4706 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5 · HIGH
## CVE-2026-4706: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
MozillaThunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-29771 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7 · HIGH
## CVE-2026-29771: NixOS vulnerability analysis and mitigation
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0.
Source : NVD
Score 8.7
Published March 7, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
github.com/gravitl/netmaker
netmaker
Sources
Wiz
CVE-2026-20410 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7 · MEDIUM
## CVE-2026-20410: NixOS vulnerability analysis and mitigation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.
Source : NVD
Score 6.7
Published February 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz
CVE-2025-48574 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4 · HIGH
## CVE-2025-48574: NixOS vulnerability analysis and mitigation
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-2968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3 · MEDIUM
## CVE-2026-2968: NixOS vulnerability analysis and mitigation
A vulnerability was detected in Cesanta Mongoose up to 7.20. It affects the function mg_chacha20_poly1305_decrypt in the file /src/tls_chacha20.c, part of the Poly1305 Authentication Tag Handler, and results in improper verification of a cryptographic signature. The attack may be launched remotely but is of high complexity, and exploitability is considered difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 6.3
Published February 23, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
Wiz
CVE-2025-20806 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7 · MEDIUM
## CVE-2025-20806: NixOS vulnerability analysis and mitigation
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.
Source : NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-22045 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9 · MEDIUM
## CVE-2026-22045: NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many connections, send a minimal ClientHello with acme-tls/1, then stop responding, leading to denial of service of the entry point. The vulnerability is fixed in 2.11.35 and 3.6.7.
Source : NVD
Score 7.5
Published January 15, 2026
Severity HIGH
CNA Score 5.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2026-28506 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3 · MEDIUM
## CVE-2026-28506: NixOS vulnerability analysis and mitigation
Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user's actual permissions on those documents. While the document content is not directly exposed, this vulnerability leaks sensitive metadata (such as Document IDs, user activity timestamps, and in some specific cases like the Document Title of Permanent Delete). Crucially, leaking valid Document IDs of deleted drafts removes the protection of UUID randomness, ma
Wiz
CVE-2026-20972 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8 · MEDIUM
## CVE-2026-20972: NixOS vulnerability analysis and mitigation
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
Source : NVD
Score 4.8
Published January 9, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity LOW No Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2025-15572 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15572 [MEDIUM] CVE-2025-15572 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15572: NixOS vulnerability analysis and mitigation
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
Source : NVD
## 4.8
Score
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
wasm3
Sources
NVD
Homebrew Severity MEDIUM No Fix Added at: Feb 15, 20
Wiz
CVE-2025-20782 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20782 [MEDIUM] CVE-2025-20782 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20782: NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
Source : NVD
## 6.7
Score
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-48635 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2025-48635 [HIGH] CVE-2025-48635 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48635: NixOS vulnerability analysis and mitigation
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.7
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-59947 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.5
CVE-2025-59947 [HIGH] CVE-2025-59947 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-59947: NixOS vulnerability analysis and mitigation
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case when PUBLISH packets trigger both a shared subscription and a vanilla subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription.
Source : NVD
## 8.5
Score
Published December 15, 2025
Severity HIGH
CNA Score 8.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nanomq
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Feb 02, 2026
Wiz
CVE-2026-31799 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9
CVE-2026-31799 [MEDIUM] CVE-2026-31799 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31799: NixOS vulnerability analysis and mitigation
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "section_id" and "user_id", the /api/v2?cmd=get_home_stats endpoint passes the section_id, user_id, before, and after query parameters directly into SQL via Python %-string formatting without parameterization. An attacker who holds the Tautulli admin API key can inject arbitrary SQL and exfiltrate any value from the Tautulli SQLite database via boolean-blind inference. This issue has been patched in version 2.17.0.
Source : NVD
## 4.9
Score
Published March 30, 2026
Severity MEDIUM
CNA Score 4.
Wiz
CVE-2026-25642 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-25642 [MEDIUM] CVE-2026-25642 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25642: NixOS vulnerability analysis and mitigation
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a stricter security policy. This resulted in an overly permissive Content-Security-Policy and furthermore opened the possibility of hosting malicious interactive web content (such as fake login forms) using SVG files. This vulnerability is fixed in 1.10.6.
Source : NVD
## 6.1
Score
Published February 6, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-70310 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-70310 [MEDIUM] CVE-2025-70310 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70310: NixOS vulnerability analysis and mitigation
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
Source : NVD
## 5.5
Score
Published January 15, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 26, 2026
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-33124 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33124 [MEDIUM] CVE-2026-33124 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33124: NixOS vulnerability analysis and mitigation
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/{username}/password endpoint. Changing a password does not invalidate existing JWT tokens, and there is no validation of password strength. If an attacker obtains a valid session token (e.g., via accidentally exposed JWT, stolen cookie, XSS, compromised device, or sniffing over HTTP), they can change the victim’s password and gain permanent control of the account. Since password changes do not invalidate existing JWT tokens, session hijacks persist even after a password reset. Additional
Wiz
CVE-2026-21483 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2026-21483 [MEDIUM] CVE-2026-21483 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21483: NixOS vulnerability analysis and mitigation
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the XSS executes in their browser context, allowing the attacker to perform privileged actions such as creating backdoor admin accounts. The attack can be weaponized via the public archive feature, where victims simply need to visit a link; no preview click is required. Version 6.0.0 fixes the issue.
Source : NVD
## 5.4
Score
Published January 2, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Wiz
CVE-2025-48619 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2025-48619 [HIGH] CVE-2025-48619 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48619: NixOS vulnerability analysis and mitigation
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-25506 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-25506 [HIGH] CVE-2026-25506 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25506: NixOS vulnerability analysis and mitigation
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
Source : NVD
## 7.8
Score
Wiz
CVE-2025-20804 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20804 [MEDIUM] CVE-2025-20804 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20804: NixOS vulnerability analysis and mitigation
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.
Source : NVD
## 6.7
Score
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-69720 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-69720 [HIGH] CVE-2025-69720 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69720: NixOS vulnerability analysis and mitigation
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
Wiz Threat Research note: This vulnerability's initial access potential has been overridden to FALSE by the Wiz Research team, as it is not confirmed to allow RCE, only stack-based buffer overflow.
Source : NVD
## 7.8
Score
Published March 19, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ncurses-term
ncurses
Sources
NVD
CBL-Mariner 2.0 S
Wiz
CVE-2026-26046 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-26046 [HIGH] CVE-2026-26046 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26046: NixOS vulnerability analysis and mitigation
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.
Source : NVD
## 7.2
Score
Published February 21, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.3
Wiz
CVE-2025-68940 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2025-68940 [LOW] CVE-2025-68940 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68940: NixOS vulnerability analysis and mitigation
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
Source : NVD
## 5.3
Score
Published December 26, 2025
Severity MEDIUM
CNA Score 3.1
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity MEDIUM No Fix Added at: Jan 03, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity LOW Has Fix Added at: Dec 28, 2025
Homebrew Severity MED
Wiz
CVE-2024-44065 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2024-44065 [CRITICAL] CVE-2024-44065 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2024-44065: NixOS vulnerability analysis and mitigation
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
Source : NVD
## 9.8
Score
Published December 26, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cloudlog
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Jan 01, 2026
Wiz
CVE-2026-33126 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33126 [MEDIUM] CVE-2026-33126 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33126: NixOS vulnerability analysis and mitigation
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can use the Frigate server to make HTTP requests to internal network resources, cloud metadata services, or perform port scanning. This issue has been patched in version 0.16.3.
Source : NVD
## 4.3
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 5.0
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.7
Wiz
CVE-2026-33206 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33206 [MEDIUM] CVE-2026-33206 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33206: NixOS vulnerability analysis and mitigation
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in calibre's handling of images in Markdown and other similar text-based files, allowing an attacker to include arbitrary files from the file system in the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix.
Source : NVD
## 8.2
Score
Published March 27, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Wiz
CVE-2025-48577 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.4
CVE-2025-48577 [HIGH] CVE-2025-48577 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48577: NixOS vulnerability analysis and mitigation
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-20992 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-20992 [MEDIUM] CVE-2026-20992 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20992: NixOS vulnerability analysis and mitigation
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to disable configuring the background data usage of an application.
Source : NVD
## 4.8
Score
Published March 16, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity LOW No Fix Added at: Mar 22, 2026
Wiz
CVE-2026-32239 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32239 [MEDIUM] CVE-2026-32239 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32239: NixOS vulnerability analysis and mitigation
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.
Source : NVD
## 6.3
Score
Published March 12, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
capnproto
Sources
NVD
Alpine 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3
Wiz
CVE-2026-33424 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33424 [MEDIUM] CVE-2026-33424 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33424: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 4.3
Score
Published March 21, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Wiz
CVE-2026-20445 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-20445 [MEDIUM] CVE-2026-20445 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20445: NixOS vulnerability analysis and mitigation
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
Source : NVD
## 4.4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-26933 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.7
CVE-2026-26933 [MEDIUM] CVE-2026-26933 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26933: NixOS vulnerability analysis and mitigation
Improper Validation of Array Index (CWE-129) in multiple protocol parser components in Packetbeat can lead to Denial of Service via Input Data Manipulation (CAPEC-153). An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger out-of-bounds read operations, resulting in application crashes or resource exhaustion. This requires the attacker to be positioned on the same network segment as the Packetbeat deployment or to control traffic routed to monitored interfaces.
Source : NVD
## 5.7
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 5.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2025-57543 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2025-57543 [MEDIUM] CVE-2025-57543 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-57543: NixOS vulnerability analysis and mitigation
Cross-site scripting (XSS) vulnerability in the "comment" field on object forms in NetBox 4.3.5. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts.
Source : NVD
## 6.1
Score
Published March 16, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
netbox
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 22, 2026
Wiz
CVE-2026-0892 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-0892 [CRITICAL] CVE-2026-0892 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0892: NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Source : NVD
## 9.8
Score
Published January 13, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
cpe:2.3:a:mozilla:firefox
Sources
Homebrew Severity CRITICAL Has Fix Added at: J
Wiz
CVE-2025-15279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-15279 [HIGH] CVE-2025-15279 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15279: NixOS vulnerability analysis and mitigation
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27517.
Source : NVD
## 7.8
Score
Published December 31, 2025
Severity HIGH
Wiz
CVE-2026-20980 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-20980 [HIGH] CVE-2026-20980 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20980: NixOS vulnerability analysis and mitigation
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows a physical attacker to execute arbitrary commands.
Source : NVD
## 7
Score
Published February 4, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz
CVE-2025-69649 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-69649 [HIGH] CVE-2025-69649 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69649: NixOS vulnerability analysis and mitigation
GNU Binutils through 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Source : NVD
## 7.5
Score
Published March 6, 2026
Severity HIGH
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Wiz
CVE-2026-25062 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25062 [MEDIUM] CVE-2026-25062 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25062: NixOS vulnerability analysis and mitigation
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments[].key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal sequences such as ../ or absolute paths, an attacker can read arbitrary files on the server and import them as attachments. This vulnerability is fixed in 1.4.0.
Source : NVD
## 5.5
Score
Published February 11, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-31884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-31884 [MEDIUM] CVE-2026-31884 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31884: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a division by zero in the MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0 leads to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0.
Source : NVD
## 7.5
Score
Published March 13, 2026
Severity HIGH
CNA Score 6.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Wiz
CVE-2025-33250 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-33250 [HIGH] CVE-2025-33250 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33250: NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Source : NVD
## 7.8
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-27821 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-27821 [HIGH] CVE-2026-27821 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27821: NixOS vulnerability analysis and mitigation
src/filters/dmx_nhml.c
Source : NVD
## 7.7
Score
Published February 26, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Mar 02, 2026
Homebrew Severity HIGH No Fix Added at: Mar 13, 2026
Nix Severity HIGH No Fix Added at: Mar 13, 2026
Wiz
CVE-2026-34041 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34041 [MEDIUM] CVE-2026-34041 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34041 :
NixOS vulnerability analysis and mitigation
act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject these commands to set arbitrary environment variables or modify the PATH for all subsequent steps in the job. This issue has been patched in version 0.2.86.
Source : NVD
## 7.7
Score
Published March 31, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percenti
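The injection the act description refers to, as an added example that is not act's code: a minimal Go workflow-command parser that scans a step's stdout in the vulnerable mode (the deprecated ::set-env:: and ::add-path:: commands are honored) and in the fixed mode (they are parsed but ignored). The command grammar is the documented `::name key=value::data` form; the echoed pull-request title, the NODE_OPTIONS variable and the paths are constructed for the example and are not from the advisory.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// JobState is the per-job state a runner carries from one step to the next.
// Only the two pieces the deprecated commands can mutate are modelled.
type JobState struct {
	Env  map[string]string
	Path []string
}

// parseCommand recognises one stdout line of the form
//
//	::name key=value,key2=value2::data
//
// and returns its name, properties and data. ok is false for ordinary output.
func parseCommand(line string) (name string, props map[string]string, data string, ok bool) {
	if !strings.HasPrefix(line, "::") {
		return "", nil, "", false
	}
	rest := line[2:]
	end := strings.Index(rest, "::")
	if end < 0 {
		return "", nil, "", false
	}
	head, data := rest[:end], rest[end+2:]
	name, propStr, _ := strings.Cut(head, " ")
	props = map[string]string{}
	for _, kv := range strings.Split(propStr, ",") {
		if k, v, found := strings.Cut(kv, "="); found {
			props[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return name, props, data, true
}

// processOutput scans a step's stdout for workflow commands.
// honorDeprecated=true reproduces the vulnerable behaviour: ::set-env:: and
// ::add-path:: mutate the job state. honorDeprecated=false is the fixed
// behaviour: the commands are parsed but ignored, so stdout can no longer
// change the environment or PATH of later steps.
func processOutput(stdout string, state *JobState, honorDeprecated bool) {
	sc := bufio.NewScanner(strings.NewReader(stdout))
	for sc.Scan() {
		name, props, data, ok := parseCommand(strings.TrimSpace(sc.Text()))
		if !ok || !honorDeprecated {
			continue
		}
		switch name {
		case "set-env":
			if n := props["name"]; n != "" {
				state.Env[n] = data
			}
		case "add-path":
			state.Path = append([]string{data}, state.Path...)
		}
	}
}

// untrustedOutput is constructed sample stdout: a step that echoes a
// pull-request title, where the title contains a newline followed by
// attacker-chosen commands.
const untrustedOutput = "PR title: fix typo\n" +
	"::set-env name=NODE_OPTIONS::--require /tmp/evil.js\n" +
	"::add-path::/tmp/attacker-bin\n"

// runStep returns the job state after the untrusted output is processed.
func runStep(honorDeprecated bool) JobState {
	state := JobState{Env: map[string]string{}}
	processOutput(untrustedOutput, &state, honorDeprecated)
	return state
}

func main() {
	fmt.Printf("vulnerable: env=%v path=%v\n", runStep(true).Env, runStep(true).Path)
	fmt.Printf("fixed:      env=%v path=%v\n", runStep(false).Env, runStep(false).Path)
}
```

The point to check in any runner you operate: anything a step writes to stdout is attacker-influenced whenever the step prints untrusted data, so commands that change shared state for later steps must come from a channel the step author controls explicitly (the GITHUB_ENV / GITHUB_PATH files), not from stdout.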
Wiz
CVE-2025-67723 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2025-67723 [MEDIUM] CVE-2025-67723 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67723 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be disabled, or the Mathjax provider can be used instead of KaTeX.
Source : NVD
## 5.4
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.3
Exploitation Probabi
Wiz
CVE-2026-2765 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2765 [CRITICAL] CVE-2026-2765 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2765 :
NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox_esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13,
Wiz
CVE-2026-32945 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32945 [MEDIUM] CVE-2026-32945 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32945 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflow vulnerability in the DNS parser's name length handler. This impacts applications using PJSIP's built-in DNS resolver, such as those configured with pjsua_config.nameserver or UaConfig.nameserver in PJSUA/PJSUA2. It does not affect users who rely on the OS resolver (e.g., getaddrinfo()) by not configuring a nameserver, or those using an external resolver via pjsip_resolver_set_ext_resolver(). This issue is fixed in version 2.17. For users unable to upgrade, a workaround is to disable DNS resolution in the PJSIP config (by setting nameserver_count to zero) or to use an external resolver impleme
Wiz
CVE-2026-0822 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-0822 [MEDIUM] CVE-2026-0822 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0822 :
NixOS vulnerability analysis and mitigation
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.
Source : NVD
## 5.3
Score
Published January 10, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.6
Exploitation Probability (EPSS
Wiz
CVE-2026-26103 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-26103 [HIGH] CVE-2026-26103 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26103 :
NixOS vulnerability analysis and mitigation
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.
Source : NVD
## 7.1
Score
Published February 25, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitatio
Wiz
CVE-2025-14020 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-14020 [MEDIUM] CVE-2025-14020 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14020 :
NixOS vulnerability analysis and mitigation
LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by impersonating legitimate interfaces.
Source : NVD
## 4.3
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Line
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:linecorp:line
line
Sources
Nix Severity MEDIUM
Wiz
CVE-2025-20780 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20780 [HIGH] CVE-2025-20780 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20780 :
NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-4714 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4714 [HIGH] CVE-2026-4714 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4714 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox_esr
rhel10::firefox-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29,
Wiz
CVE-2026-2789 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2789 [CRITICAL] CVE-2026-2789 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2789 :
NixOS vulnerability analysis and mitigation
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
rhel10::thunderbird-flatpak.src
MozillaFirefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14
Wiz
CVE-2026-25942 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25942 [MEDIUM] CVE-2026-25942 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25942 :
NixOS vulnerability analysis and mitigation
(NVD description text not captured; the advisory text references xf_rail_server_execute_result, error_code_names[] and execResult->execResult in FreeRDP.)
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp
freerdp-libs-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 13 Severity HIGH No Fix Added at: Mar 02, 2026
Debian 12
Wiz
CVE-2026-25646 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-25646 [HIGH] CVE-2026-25646 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25646 :
NixOS vulnerability analysis and mitigation
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Wiz Threat Research note: This vulnerability's CVSS vector has been overridden to Confiden
Wiz
CVE-2025-61636 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-61636 [MEDIUM] CVE-2025-61636 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61636 :
NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Severity MEDIUM Has Fix Added at: Oct 03, 2025
Nix S
Wiz
CVE-2025-66861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.5
CVE-2025-66861 [LOW] CVE-2025-66861 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66861 :
NixOS vulnerability analysis and mitigation
An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
Source : NVD
## 2.5
Score
Published December 29, 2025
Severity LOW
CNA Score 2.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
binutils-gold
gcc-toolset-14-binutils-gprofng
Sources
NVD
Chainguard No Fix Added at: Jan 15, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 30, 2025
Echo Severity LOW Has Fix Added at: Dec 30, 2025
Homebre
Wiz
CVE-2026-32837 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32837 [MEDIUM] CVE-2026-32837 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32837 :
NixOS vulnerability analysis and mitigation
miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service.
Source : NVD
## 5.1
Score
Published March 17, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.3
Exploitation Probability (EPSS) N/A
Affected
Wiz
CVE-2026-0877 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-0877 [HIGH] CVE-2026-0877 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0877 :
NixOS vulnerability analysis and mitigation
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 8.1
Score
Published January 13, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-branding-upstream
firefox-debugsource
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 S
Wiz
CVE-2026-30914 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-30914 [MEDIUM] CVE-2026-30914 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30914 :
NixOS vulnerability analysis and mitigation
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.
Source : NVD
## 5.3
Score
Published March 13, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N
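The normalization discrepancy described above, as an added Go example that is not SFTPGo's code: a folder-level permission table consulted once with the path as the protocol handler received it (the vulnerable pattern) and once with the path cleaned the same way the virtual filesystem resolves it. The permission model, the user and the request path are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// User carries a permission table keyed by virtual directory: the longest
// matching directory decides which operations are allowed beneath it.
// This is an assumed model of folder-level permissions, not SFTPGo's own types.
type User struct {
	Perms map[string][]string
}

// cleanVirtualPath normalizes a client-supplied path the way the VFS layer
// resolves it: forward slashes, rooted, and with "." and ".." collapsed.
func cleanVirtualPath(p string) string {
	p = strings.ReplaceAll(p, "\\", "/")
	if !strings.HasPrefix(p, "/") {
		p = "/" + p
	}
	return path.Clean(p)
}

// permsFor returns the operations allowed for p by longest-prefix match,
// treating prefixes as directory boundaries ("/priv" must not match "/private").
func permsFor(u User, p string) []string {
	best := ""
	for dir := range u.Perms {
		if p == dir || strings.HasPrefix(p, strings.TrimSuffix(dir, "/")+"/") {
			if len(dir) > len(best) {
				best = dir
			}
		}
	}
	return u.Perms[best]
}

func allowed(ops []string, op string) bool {
	for _, o := range ops {
		if o == op || o == "*" {
			return true
		}
	}
	return false
}

// hasPermRaw reproduces the discrepancy: the permission check uses the path
// exactly as the protocol handler received it, while the VFS later resolves
// the cleaned path.
func hasPermRaw(u User, p, op string) bool { return allowed(permsFor(u, p), op) }

// hasPermClean normalizes first, so the check and the VFS agree on the path.
func hasPermClean(u User, p, op string) bool {
	return allowed(permsFor(u, cleanVirtualPath(p)), op)
}

// demoUser is a constructed user: read access under "/", nothing under "/private".
var demoUser = User{Perms: map[string][]string{
	"/":        {"list", "download"},
	"/private": {},
}}

// evilPath is a constructed request that textually starts under /public but
// resolves into /private.
const evilPath = "/public/../private/secret.txt"

func vulnerableDecision() bool { return hasPermRaw(demoUser, evilPath, "download") }
func fixedDecision() bool      { return hasPermClean(demoUser, evilPath, "download") }

func main() {
	fmt.Printf("VFS resolves %q to %q\n", evilPath, cleanVirtualPath(evilPath))
	fmt.Printf("raw check allows download: %v\n", vulnerableDecision())
	fmt.Printf("normalized check allows download: %v\n", fixedDecision())
}
```

The design rule the example illustrates: there must be exactly one canonical form of a path, computed before any authorization decision, and every layer (protocol handler, permission check, virtual-folder routing, backend filesystem) must operate on that same form. Two layers that each normalize independently will eventually disagree, and the disagreement is the bypass.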
Wiz
CVE-2026-26985 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-26985 [HIGH] CVE-2026-26985 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26985 :
NixOS vulnerability analysis and mitigation
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can read configuration files on the server by exploiting a path traversal vulnerability. Some of these files contain hard-coded credentials. The vulnerability allows an attacker to read configuration files containing hard-coded credentials. The attacker could then authenticate to the database or other services if those credentials are reused. The attacker must be authenticated and have the required permissions. However, the vulnerability
Wiz
CVE-2026-26270 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2026-26270 [MEDIUM] CVE-2026-26270 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26270 :
NixOS vulnerability analysis and mitigation
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane (latest version) that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into the "Identifier Format" field. This script executes when any user views the invoice list or the main dashboard. Version 1.7.1 patches the issue.
Source : NVD
## 5.4
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Exploitation Probabi
Wiz
CVE-2026-22867 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-22867 [HIGH] CVE-2026-22867 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22867 :
NixOS vulnerability analysis and mitigation
LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.
Source : NVD
## 5.4
Score
Published January 15, 2026
Severity MEDIUM
CNA Score 8.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (E
Wiz
CVE-2026-27810 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.4
CVE-2026-27810 [MEDIUM] CVE-2026-27810 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27810 :
NixOS vulnerability analysis and mitigation
(NVD description text not captured; the advisory text references content_disposition and the /get/ and /data-files/get/ endpoints in calibre.)
Source : NVD
## 6.4
Score
Published February 27, 2026
Severity MEDIUM
CNA Score 6.4
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
calibre
cpe:2.3:a:calibre-ebook:calibre
Sources
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 02, 2026
Echo Severity MEDIUM No Fix Added at: Mar 02, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 08, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 08, 2026
Win
Wiz
CVE-2026-1470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-1470 [CRITICAL] CVE-2026-1470 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1470 :
NixOS vulnerability analysis and mitigation
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.
An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Source : NVD
## 9.9
Score
Published January 27, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
NixOS
n8n
H
Wiz
CVE-2026-2048 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-2048 [HIGH] CVE-2026-2048 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2048 :
NixOS vulnerability analysis and mitigation
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.
Source : NVD
## 7.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.8
Affected Te
Wiz
CVE-2025-58899 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-58899 [HIGH] CVE-2025-58899 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58899 :
NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Frame frame allows PHP Local File Inclusion. This issue affects Frame: from n/a through <= 2.4.0.
Source : NVD
## 8.1
Score
Published December 18, 2025
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
frame
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 19, 2026
Wiz
CVE-2026-33249 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33249 [MEDIUM] CVE-2026-33249 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33249 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject, including those to which the client does not have publish permission. The payload is a valid trace message and not chosen by the attacker. Versions 2.11.15 and 2.12.6 contain a fix. No known workarounds are available.
Source : NVD
## 4.3
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N
Wiz
CVE-2026-22853 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-22853 [MEDIUM] CVE-2026-22853 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22853 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
Source : NVD
## 6.8
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libfreerdp3-3
libuwac0-0
Sources
NVD
Alpine 3.10, 3.11,
Wiz
CVE-2026-27587 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-27587 [HIGH] CVE-2026-27587 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27587 :
NixOS vulnerability analysis and mitigation
(NVD description text not captured; the advisory text references path and %xx percent-encoded sequences in Caddy.)
Source : NVD
## 7.7
Score
Published February 24, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
caddy
github.com/caddyserver/caddy
Sources
NVD
Alpine 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Feb 24, 2026
Debian 12, 13 Severity CRITICAL No Fix Added at: Feb 24, 2026
Echo Severity CRITICAL No Fix Added at: Feb 24, 2026
GoLang Severity HIGH Has Fix Added at: Feb 25, 2026
Homebrew Severity CRITICAL Has Fix Added at: M
Wiz
CVE-2026-34085 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34085 [MEDIUM] CVE-2026-34085 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34085 :
NixOS vulnerability analysis and mitigation
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
Source : NVD
## 7.8
Score
Published March 25, 2026
Severity HIGH
CNA Score 5.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fontconfig
fontconfig-devel
Sources
NVD
Homebrew Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Mar 29, 2026
Red Hat 6, 7
Wiz
CVE-2026-30851 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-30851 [HIGH] CVE-2026-30851 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30851 :
NixOS vulnerability analysis and mitigation
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2.
Source : NVD
## 8.8
Score
Published March 7, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
caddy
github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy
Sources
NVD
Alpine 3.22, 3.23 Severity HIG
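The identity-injection path described above, as an added Go example that is not Caddy's reverse-proxy code: a forward-auth step that copies a configured list of headers from the auth service's response onto the request before it reaches the backend. With stripFirst=false, a header the auth service did not set keeps whatever the client sent under that name; with stripFirst=true the listed headers are deleted from the inbound request before copying. The header names (Remote-User, Remote-Groups), the auth-service behaviour and the client values are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// applyForwardAuth models the copy_headers step of a forward-auth flow: after
// the auth service answers 2xx, the listed headers from its response are
// copied onto the request that continues to the backend.
//
// stripFirst=false reproduces the flaw: when the auth service does not set
// one of the listed headers, whatever the client sent under that name survives
// and reaches the backend as if the auth service had asserted it.
// stripFirst=true deletes every listed header from the inbound request before
// copying, so only auth-service values can reach the backend.
func applyForwardAuth(req *http.Request, authResp http.Header, copyHeaders []string, stripFirst bool) {
	for _, name := range copyHeaders {
		if stripFirst {
			req.Header.Del(name)
		}
		if vals := authResp.Values(name); len(vals) > 0 {
			req.Header.Del(name)
			for _, v := range vals {
				req.Header.Add(name, v)
			}
		}
	}
}

// copyHeaders is the assumed copy_headers configuration.
var copyHeaders = []string{"Remote-User", "Remote-Groups"}

// backendIdentity returns "user|groups" as the backend would read them.
func backendIdentity(clientHeaders map[string]string, authResp http.Header, stripFirst bool) string {
	req, err := http.NewRequest(http.MethodGet, "http://app.internal/admin", nil)
	if err != nil {
		panic(err)
	}
	for k, v := range clientHeaders {
		req.Header.Set(k, v)
	}
	applyForwardAuth(req, authResp, copyHeaders, stripFirst)
	return req.Header.Get("Remote-User") + "|" + req.Header.Get("Remote-Groups")
}

// Constructed scenario: the client pre-populates identity headers; the assumed
// auth service identifies the user but only emits Remote-Groups when the user
// actually has groups, so for alice it sends none.
var attackerHeaders = map[string]string{
	"Remote-User":   "attacker",
	"Remote-Groups": "admins",
}

func authResponseForAlice() http.Header {
	h := http.Header{}
	h.Set("Remote-User", "alice")
	return h
}

func vulnerableIdentity() string { return backendIdentity(attackerHeaders, authResponseForAlice(), false) }
func fixedIdentity() string      { return backendIdentity(attackerHeaders, authResponseForAlice(), true) }

// The auth service allows the request but asserts no identity at all
// (assumed behaviour for a public route).
func anonymousVulnerable() string { return backendIdentity(attackerHeaders, http.Header{}, false) }
func anonymousFixed() string      { return backendIdentity(attackerHeaders, http.Header{}, true) }

func main() {
	fmt.Println("vulnerable:", vulnerableIdentity())  // alice|admins
	fmt.Println("fixed:     ", fixedIdentity())       // alice|
	fmt.Println("anon vuln: ", anonymousVulnerable()) // attacker|admins
	fmt.Println("anon fixed:", anonymousFixed())      // |
}
```

The backend in this pattern trusts identity headers because it assumes only the proxy can set them; the proxy therefore has to guarantee that no client-originated value under those names survives, whether or not the auth service happened to set each one on this request. A quick check on a deployed proxy is to send the identity headers yourself and confirm the backend does not see them.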
Wiz
CVE-2026-33874 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33874 [MEDIUM] CVE-2026-33874 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33874 :
NixOS vulnerability analysis and mitigation
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.
Source : NVD
## 7.8
Score
Published March 27, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
authentica
Wiz
CVE-2026-26993 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2026-26993 [MEDIUM] CVE-2026-26993 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26993 :
NixOS vulnerability analysis and mitigation
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG (or other active content formats such as HTML or XML), an attacker can achieve script execution in the context of the application's origin when a victim views the file in “raw” mode. This results in a stored Cross-Site Scripting (XSS) vulnerability that can be exploited to exfiltrate user data. This issue has been fixed in version 1.7.1.
Source : NVD
## 5.4
Score
Published February 20, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
Linux Alpine
Has
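The "raw" serving problem described above, as an added example in Go that is not Flare's Next.js code: a handler that trusts the uploader's Content-Type and renders the file inline, beside a hardened handler that refuses to render active content (SVG, HTML, XML, script) inline in the application's origin, disables MIME sniffing and applies a sandboxing CSP. The storage model, the upload and the response checks are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// StoredFile is a constructed stand-in for an uploaded object: the name and
// Content-Type are whatever the uploader supplied.
type StoredFile struct {
	Name        string
	ContentType string
	Body        []byte
}

// activeContentTypes can run script or load subresources when a browser
// renders them as a document in the application's origin.
var activeContentTypes = map[string]bool{
	"image/svg+xml":          true,
	"text/html":              true,
	"application/xhtml+xml":  true,
	"text/xml":               true,
	"application/xml":        true,
	"text/javascript":        true,
	"application/javascript": true,
}

// serveRaw is the vulnerable behaviour: the uploader's Content-Type is trusted
// and the body is rendered inline, so an SVG containing <script> executes in
// the application's origin.
func serveRaw(w http.ResponseWriter, f StoredFile) {
	w.Header().Set("Content-Type", f.ContentType)
	_, _ = w.Write(f.Body)
}

// serveHardened keeps the same endpoint but refuses to render active content
// inline, forbids MIME sniffing, and sandboxes whatever is rendered.
func serveHardened(w http.ResponseWriter, f StoredFile) {
	mediaType := strings.ToLower(strings.TrimSpace(strings.SplitN(f.ContentType, ";", 2)[0]))
	h := w.Header()
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("Content-Security-Policy", "default-src 'none'; sandbox")
	if mediaType == "" || activeContentTypes[mediaType] {
		h.Set("Content-Type", "application/octet-stream")
		h.Set("Content-Disposition", `attachment; filename="`+safeFilename(f.Name)+`"`)
	} else {
		h.Set("Content-Type", mediaType)
		h.Set("Content-Disposition", "inline")
	}
	_, _ = w.Write(f.Body)
}

// safeFilename strips directory components and characters that could break
// out of the quoted filename parameter.
func safeFilename(n string) string {
	n = path.Base(strings.ReplaceAll(n, "\\", "/"))
	return strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f || r == '"' || r == '\\' {
			return -1
		}
		return r
	}, n)
}

// responseFor records the headers a client would receive from either handler.
func responseFor(f StoredFile, hardened bool) http.Header {
	rec := httptest.NewRecorder()
	if hardened {
		serveHardened(rec, f)
	} else {
		serveRaw(rec, f)
	}
	return rec.Result().Header
}

// Constructed malicious upload: a valid SVG carrying script, with a filename
// chosen to probe the Content-Disposition quoting.
var evilSVG = StoredFile{
	Name:        `../x".svg`,
	ContentType: "image/svg+xml",
	Body:        []byte(`<svg xmlns="http://www.w3.org/2000/svg"><script>fetch('/api/me')</script></svg>`),
}

// Constructed harmless upload: a passive image type may still render inline.
var harmlessPNG = StoredFile{Name: "shot.png", ContentType: "image/png; charset=binary", Body: []byte{0x89, 'P', 'N', 'G'}}

func main() {
	fmt.Println("raw:      ", responseFor(evilSVG, false).Get("Content-Type"))
	fmt.Println("hardened: ", responseFor(evilSVG, true).Get("Content-Type"), responseFor(evilSVG, true).Get("Content-Disposition"))
	fmt.Println("png:      ", responseFor(harmlessPNG, true).Get("Content-Type"))
}
```

Serving user uploads from a separate, cookie-less origin removes the problem at its root; the header-based hardening above is the fallback when the raw endpoint has to stay on the application's own origin.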
Wiz
CVE-2026-2044 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-2044 [HIGH] CVE-2026-2044 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2044 :
NixOS vulnerability analysis and mitigation
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.
Source : NVD
## 7.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit
Wiz
CVE-2025-61616 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-61616 [HIGH] CVE-2025-61616 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61616 :
NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source : NVD
## 7.5
Score
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
Wiz
CVE-2026-25579 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-25579 [CRITICAL] CVE-2026-25579 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25579 :
NixOS vulnerability analysis and mitigation
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/img/ ). When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth. This triggers the Linux OOM killer, terminates the Navidrome process, and results in a full service outage. If the system has sufficient memory and survives the allocation, Navidrome then writes these extremely large resized images into its cache directory, allowing an attacker to rapidly exhaust server disk space as well. This issue has
Wiz
CVE-2026-24748 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-24748 [MEDIUM] CVE-2026-24748 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24748: NixOS vulnerability analysis and mitigation
GetConfig()
Authorization
Bearer
RefreshResource
RefreshResource
Source : NVD
## 6.9
Score
Published January 27, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 28.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/akuity/kargo
kargo
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Jan 28, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-12839 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-12839 [HIGH] CVE-2025-12839 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-12839: NixOS vulnerability analysis and mitigation
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.
Source : NVD
## 7.8
Score
Publishe
Wiz
CVE-2025-15327 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-15327 [MEDIUM] CVE-2025-15327 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15327: NixOS vulnerability analysis and mitigation
Tanium addressed an improper access controls vulnerability in Deploy.
Source : NVD
## 4.3
Score
Published February 5, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
deploy
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-4729 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-4729 [MEDIUM] CVE-2026-4729 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4729: NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
firefox
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity CRI
Wiz
CVE-2026-0797 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-0797 [HIGH] CVE-2026-0797 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0797: NixOS vulnerability analysis and mitigation
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599.
Source : NVD
## 7.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.8
Affected Tec
Wiz
CVE-2026-26064 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-26064 [CRITICAL] CVE-2026-26064 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26064: NixOS vulnerability analysis and mitigation
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.
Source : NVD
## 9.3
Score
Published February 20, 202
Wiz
CVE-2025-56332 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-56332 [CRITICAL] CVE-2025-56332 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-56332: NixOS vulnerability analysis and mitigation
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration.
Source : NVD
## 9.1
Score
Published December 30, 2025
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pangolin
Sources
NVD
Homebrew Severity CRITICAL Has Fix Added at: Feb 21, 2026
Nix Severity CRITICAL Has Fix Added at: Jan 11, 2026
Wiz
CVE-2025-68943 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-68943 [MEDIUM] CVE-2025-68943 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68943: NixOS vulnerability analysis and mitigation
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
Source : NVD
## 5.3
Score
Published December 26, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19 Severity MEDIUM No Fix Added at: Jan 01, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Homebre
Wiz
CVE-2026-25731 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-25731 [HIGH] CVE-2026-25731 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25731: NixOS vulnerability analysis and mitigation
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Source : NVD
## 7.8
Score
Published February 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:calibre-ebook:calibre
cali
Wiz
CVE-2025-14333 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-14333 [HIGH] CVE-2025-14333 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14333: NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 8.1
Score
Published December 9, 2025
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFir
Wiz
CVE-2025-68114 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-68114 [MEDIUM] CVE-2025-68114 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68114: NixOS vulnerability analysis and mitigation
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.
Source : NVD
## 9.8
Score
Published December 17, 2025
Severity CRITICAL
CNA Score 4.8
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rust-src
ruby-default-gems
Sourc
Wiz
CVE-2019-25338 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2019-25338 [MEDIUM] CVE-2019-25338 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2019-25338: NixOS vulnerability analysis and mitigation
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
Source : NVD
## 6.9
Score
Published February 12, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dokuwiki
Sources
NVD
Echo Severity MEDIUM No
Wiz
CVE-2026-32099 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-32099 [MEDIUM] CVE-2026-32099 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32099: NixOS vulnerability analysis and mitigation
hide_profile
Source : NVD
## 6.5
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
CVE-2026-25055 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-25055 [HIGH] CVE-2026-25055 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25055: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As a prerequisite, an unauthenticated attacker needs knowledge of such workflows existing, and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.
Source : NVD
## 7.1
Score
Published February 4, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
n8n
Has Public Exploit N
Wiz
CVE-2026-25556 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2026-25556 [MEDIUM] CVE-2026-25556 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25556: NixOS vulnerability analysis and mitigation
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.
Source : NVD
## 5.9
Score
Publi
Wiz
CVE-2025-67269 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-67269 [HIGH] CVE-2025-67269 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67269: NixOS vulnerability analysis and mitigation
nextstate()
gpsd/packet.c
ffa1d6f40bca0b035fc7f5e563160ebb67199da7
lexer->length = (size_t)c - 4
c
lexer->length
SIZE_MAX
Source : NVD
## 7.5
Score
Published January 2, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gpsd-qt-debuginfo
gpsd-xclients
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 21, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity HIGH No Fix Added at: Jan 11, 2026
Alpine 3.22, 3.23 Severity
Wiz
CVE-2026-27162 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9
CVE-2026-27162 [MEDIUM] CVE-2026-27162 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27162: NixOS vulnerability analysis and mitigation
posts_nearby
Post.secured(guardian)
Source : NVD
## 4.9
Score
Published February 26, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-0010 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0010 [HIGH] CVE-2026-0010 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0010: NixOS vulnerability analysis and mitigation
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-69848 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-69848 [MEDIUM] CVE-2025-69848 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69848: NixOS vulnerability analysis and mitigation
NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user.
Source : NVD
## 5.4
Score
Published February 3, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-3846 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3846 [MEDIUM] CVE-2026-3846 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3846: NixOS vulnerability analysis and mitigation
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.
Source : NVD
## 6.5
Score
Published March 10, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
thunderbird
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity MEDIUM No Fix Added at: Mar 12, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 13, 2026
Nix Severity MEDIUM Has Fix
Wiz
CVE-2025-58885 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-58885 [HIGH] CVE-2025-58885 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58885: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion. This issue affects Pathfinder: from n/a through <= 1.16.
Source : NVD
## 8.2
Score
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pathfinder
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 19, 2026
Wiz
CVE-2026-25063 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-25063 [HIGH] CVE-2026-25063 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25063: NixOS vulnerability analysis and mitigation
gradle-completion
gradle-completion
.bashrc
.bash_profile
Source : NVD
## 8.3
Score
Published January 29, 2026
Severity HIGH
CNA Score 8.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gradle-completion
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Jan 30, 2026
Debian 14 Severity HIGH No Fix Added at: Jan 30, 2026
Echo Severity HIGH No Fix Added at: Jan 30, 2026
Homebrew Severity HIGH No Fix Added at: Mar 13, 2026
Nix Severity HIGH No Fix Added at: Mar 13, 2026
Wiz
CVE-2025-15270 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15270 [HIGH] CVE-2025-15270 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15270: NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated array. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28563.
Source : NVD
## 8.8
Score
Published December 31, 2025
Severity HIGH
CNA
Wiz
CVE-2026-33875 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33875 [MEDIUM] CVE-2026-33875 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33875: NixOS vulnerability analysis and mitigation
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.
Source : NVD
## 9.3
Score
Published March 27, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
Wiz
CVE-2026-1436 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-1436 [HIGH] CVE-2026-1436 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1436: NixOS vulnerability analysis and mitigation
Improper Access Control (IDOR) in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other user's profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive third-party information to be accessed, such as names, email addresses, internal identifiers, and last activity. The endpoint 'http:// :12900/users/' does not implement object-level authorization validations.
Source : NVD
## 7.1
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploit
Wiz
CVE-2026-3082 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-3082 [HIGH] CVE-2026-3082 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3082: NixOS vulnerability analysis and mitigation
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of Huffman tables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28840.
Source : NVD
## 7.8
Score
Published March 16, 2026
Severity HIGH
CNA
Wiz
CVE-2026-2800 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2800 [CRITICAL] CVE-2026-2800 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2800: NixOS vulnerability analysis and mitigation
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux S
Wiz
CVE-2026-33219 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2026-33219 [MEDIUM] CVE-2026-33219 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33219: NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a corresponding amount of data. This is a milder variant of CVE-2026-27571. That earlier issue was a compression bomb; this vulnerability is not. Attacks against this new issue thus require significant client bandwidth. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable websockets if not required for project deployment.
Source : NVD
## 5.3
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technol
Wiz
CVE-2025-40891 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.3
CVE-2025-40891 [LOW] CVE-2025-40891 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40891: NixOS vulnerability analysis and mitigation
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.
Source : NVD
## 2.3
Score
P
Wiz
CVE-2026-21877 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-21877 [CRITICAL] CVE-2026-21877 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21877: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
Source : NVD
## 9.9
Score
Published January 8, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 94.3
Wiz
CVE-2026-30783 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-30783 [HIGH] CVE-2026-30783 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30783: NixOS vulnerability analysis and mitigation
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling.
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
## 8.8
Score
Published March 5, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 26.9
Exploitation Probability (EPSS) 0.1
Af
Wiz
CVE-2026-1376 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-1376 [HIGH] CVE-2026-1376 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1376: NixOS vulnerability analysis and mitigation
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
Source : NVD
## 7.5
Score
Published March 17, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
i
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 20, 2026
Wiz
CVE-2026-26967 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-26967 [HIGH] CVE-2026-26967 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26967: NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491 .
Source : NVD
## 8.1
Score
Published February 20, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit No
Has CISA KE
Wiz
CVE-2026-32853 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32853 [MEDIUM] CVE-2026-32853 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32853: NixOS vulnerability analysis and mitigation
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.
Source : NVD
## 6.9
Score
Published March 24, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-20800 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20800 [HIGH] CVE-2025-20800 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20800 :
NixOS vulnerability analysis and mitigation
In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-33985 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33985 [MEDIUM] CVE-2026-33985 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33985 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.
Source : NVD
## 7.1
Score
Published March 30, 2026
Severity HIGH
CNA Score 5.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp
freerdp-devel
Sources
NVD
Alpine 3.23, edge Severity HIGH Has Fix Added at: Mar 29, 2026
Chainguard Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-25997 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25997 [MEDIUM] CVE-2026-25997 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25997 :
NixOS vulnerability analysis and mitigation
xf_clipboard_format_equal
lastSentFormats
xf_clipboard_formats_free
xf_clipboard_changed
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libwinpr
freerdp-libs-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 13 Severity CRITICAL No Fix Added at: Mar 02,
Wiz
CVE-2026-4685 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4685 [HIGH] CVE-2026-4685 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4685 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-x11
cpe:2.3:a:mozilla:firefox_esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix
Wiz
CVE-2025-70309 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-70309 [MEDIUM] CVE-2025-70309 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70309 :
NixOS vulnerability analysis and mitigation
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
Source : NVD
## 5.5
Score
Published January 15, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 26, 2026
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-20417 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-20417 [MEDIUM] CVE-2026-20417 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20417 :
NixOS vulnerability analysis and mitigation
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.
Source : NVD
## 5.3
Score
Published February 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 04, 2026
Wiz
CVE-2026-33995 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33995 [MEDIUM] CVE-2026-33995 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33995 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.
Source : NVD
## 5.3
Score
Published March 30, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-1439 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1439 [MEDIUM] CVE-2026-1439 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1439 :
NixOS vulnerability analysis and mitigation
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/alerts/' endpoint.
Source : NVD
## 5.3
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Wiz
CVE-2026-30794 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-30794 [CRITICAL] CVE-2026-30794 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30794 :
NixOS vulnerability analysis and mitigation
Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true).
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
## 9.1
Score
Published March 5, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-25635 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2026-25635 [HIGH] CVE-2026-25635 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25635 :
NixOS vulnerability analysis and mitigation
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Source : NVD
## 8.6
Score
Published February 6, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24
Exploitation Probability (EPSS) 0.1
Wiz
CVE-2026-27963 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-27963 [MEDIUM] CVE-2026-27963 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27963 :
NixOS vulnerability analysis and mitigation
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers, potentially leading to session hijacking and data exfiltration. Version 2.32.0 contains a patch for the issue.
Source : NVD
## 4.8
Score
Published February 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.
Wiz
CVE-2026-34240 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34240 [MEDIUM] CVE-2026-34240 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34240 :
NixOS vulnerability analysis and mitigation
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+
Wiz
CVE-2025-48653 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-48653 [HIGH] CVE-2025-48653 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48653 :
NixOS vulnerability analysis and mitigation
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.8
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-69218 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-69218 [HIGH] CVE-2025-69218 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69218 :
NixOS vulnerability analysis and mitigation
top_uploads
Source : NVD
## 7.1
Score
Published January 28, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM Has Fix Added at: Feb 02, 2026
Linux Severity MEDIUM Has Fix Added at: Jan 29, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 02, 2026
Wiz
CVE-2026-29089 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-29089 [HIGH] CVE-2026-29089 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29089 :
NixOS vulnerability analysis and mitigation
TimescaleDB is a time-series database for high-performance real-time analytics packaged as a Postgres extension. From version 2.23.0 to 2.25.1, PostgreSQL uses the search_path setting to locate unqualified database objects (tables, functions, operators). If the search_path includes user-writable schemas a malicious user can create functions in that schema that shadow builtin postgres functions and will be called instead of the postgres functions leading to arbitrary code execution during extension upgrade. This issue has been patched in version 2.25.2.
Source : NVD
## 8.8
Score
Published March 6, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2026-4728 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-4728 [MEDIUM] CVE-2026-4728 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4728 :
NixOS vulnerability analysis and mitigation
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
## 6.5
Score
Published March 24, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added a
Wiz
CVE-2026-33721 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33721 [MEDIUM] CVE-2026-33721 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33721 :
NixOS vulnerability analysis and mitigation
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.
Source : NVD
## 7.5
Score
Published March 27, 2026
Severity HIGH
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 43.4
Wiz
CVE-2025-15337 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-15337 [MEDIUM] CVE-2025-15337 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15337 :
NixOS vulnerability analysis and mitigation
Tanium addressed an incorrect default permissions vulnerability in Patch.
Source : NVD
## 6.5
Score
Published February 5, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
patch
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-32881 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32881 [MEDIUM] CVE-2026-32881 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32881 :
NixOS vulnerability analysis and mitigation
ewe is a Gleam web server. Versions 0.6.0 through 3.0.4 are vulnerable to authentication bypass or spoofed proxy-trust headers. Chunked transfer encoding trailer handling merges declared trailer fields into req.headers after body parsing, but the denylist only blocks 9 header names. A malicious client can exploit this by declaring these headers in the Trailer field and appending them after the final chunk, causing request.set_header to overwrite legitimate values (e.g., those set by a reverse proxy). This enables attackers to forge authentication credentials, hijack sessions, bypass IP-based rate limiting, or spoof proxy-trust headers in any downstream middleware that reads headers after ewe.read_b
Wiz
CVE-2025-15331 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-15331 [MEDIUM] CVE-2025-15331 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15331 :
NixOS vulnerability analysis and mitigation
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Source : NVD
## 4.3
Score
Published February 5, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
connect
Sources
NVD
Homebrew Severity MEDIUM Has Fix Added at: Feb 11, 2026
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-24846 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-24846 [MEDIUM] CVE-2026-24846 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24846 :
NixOS vulnerability analysis and mitigation
handleSymlink
Source : NVD
## 5
Score
Published January 29, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
github.com/chainguard-dev/malcontent
malcontent
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Jan 30, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 02, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 02, 2026
Wiz
CVE-2026-0024 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.0
CVE-2026-0024 [MEDIUM] CVE-2026-0024 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0024 :
NixOS vulnerability analysis and mitigation
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-31971 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-31971 [HIGH] CVE-2026-31971 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31971 :
NixOS vulnerability analysis and mitigation
BYTE_ARRAY_LEN
cram_byte_array_len_decode()
Source : NVD
## 7.1
Score
Published March 18, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
CVE-2025-62514 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2025-62514 [HIGH] CVE-2025-62514 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62514 :
NixOS vulnerability analysis and mitigation
libparsec_crypto
libparsec_crypto
Source : NVD
## 7.1
Score
Published January 29, 2026
Severity HIGH
CNA Score 8.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
parsec
Sources
NVD
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-0880 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-0880 [HIGH] CVE-2026-0880 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0880 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 8.8
Score
Published January 13, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-translations-other
cpe:2.3:a:mozilla:firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Wiz
CVE-2026-20977 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-20977 [MEDIUM] CVE-2026-20977 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20977 :
NixOS vulnerability analysis and mitigation
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
Source : NVD
## 6.9
Score
Published February 4, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz
CVE-2026-0021 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0021 [HIGH] CVE-2026-0021 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0021 :
NixOS vulnerability analysis and mitigation
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-20412 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-20412 [HIGH] CVE-2026-20412 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20412 :
NixOS vulnerability analysis and mitigation
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
Source : NVD
## 7.8
Score
Published February 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 08, 2026
Wiz
CVE-2024-48077 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2024-48077 [HIGH] CVE-2024-48077 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2024-48077 :
NixOS vulnerability analysis and mitigation
NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering the broker unable to provide services.
Source : NVD
## 7.5
Score
Published January 15, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nanomq
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-24061 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-24061 [CRITICAL] CVE-2026-24061 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24061 :
NixOS vulnerability analysis and mitigation
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Source : NVD
## 9.8
Score
Published January 21, 2026
Severity CRITICAL
CNA Score 9.8
High-profile Vulnerability Yes
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 99.4
Exploitation Probability (EPSS) 87
Affected packages and libraries
cpe:2.3:a:gnu:inetutils
net-misc/inetutils
Sources
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix Added at: Jan 22, 2026
Echo Severity CRITICAL Has Fix Added at: Jan 21, 2026
Gentoo Severity HIGH Has Fix Added at:
Wiz
CVE-2025-67734 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-67734 [MEDIUM] CVE-2025-67734 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67734 :
NixOS vulnerability analysis and mitigation
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed in the browsers of users who opened the malicious job posting. This issue is fixed in version 2.42.0.
Source : NVD
## 5.1
Score
Published December 12, 2025
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.7
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-67230 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-67230 [HIGH] CVE-2025-67230 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67230 :
NixOS vulnerability analysis and mitigation
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation.
Source : NVD
## 7.1
Score
Published January 23, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
builder
Sources
NVD
Nix Severity HIGH Has Fix Added at: Jan 30, 2026
Wiz
CVE-2026-3194 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.0
CVE-2026-3194 [LOW] CVE-2026-3194 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3194 :
NixOS vulnerability analysis and mitigation
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
Source : NVD
## 2
Score
Published February 25, 2026
Severity LOW
CNA Score 2.0
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
Wiz
CVE-2026-25154 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2026-25154 [MEDIUM] CVE-2026-25154 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25154 : NixOS vulnerability analysis and mitigation
app/assets/web/main.js
handleFilesDisplay
Source : NVD
Score 6.1
Published January 30, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
localsend
Sources
NVD
Homebrew Severity MEDIUM No Fix Added at: Feb 20, 2026
Nix Severity MEDIUM No Fix Added at: Feb 20, 2026
Wiz
CVE-2025-68659 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-68659 [MEDIUM] CVE-2025-68659 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68659 : NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerability in the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and resource exhaustion by sending large JSON payloads to the username preference endpoint PUT /u//preferences/username, resulting in degraded performance for other users and endpoints. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
Source : NVD
Score 5.3
Published January 28, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Discourse
Wiz
CVE-2026-28505 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-28505 [HIGH] CVE-2026-28505 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28505 : NixOS vulnerability analysis and mitigation
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the compiled code object. However, co_names only contains names from the outer code object. When a lambda expression is used, it creates a nested code object whose attribute accesses are stored in code.co_consts, NOT in code.co_names. The sandbox never inspects nested code objects. This issue has been patched in version 2.17.0.
Source : NVD
Score 7.5
Published March 30, 2026
Severity HIGH
CNA Score 7.5
Wiz
CVE-2025-68388 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-68388 [MEDIUM] CVE-2025-68388 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68388 : NixOS vulnerability analysis and mitigation
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Source : NVD
Score 5.3
Published December 18, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
apm-server-fips-8.19
elastic-agent
Sources
NVD
Chainguard Has Fix Added at: Dec 22, 2025
GoLang Severity HIGH Has Fix Added
Wiz
CVE-2025-69261 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-69261 [MEDIUM] CVE-2025-69261 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69261 : NixOS vulnerability analysis and mitigation
WasmEdge/include/runtime/instance/memory.h
checkAccessBound()
Source : NVD
Score 5.5
Published December 30, 2025
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
wasmedge-debuginfo
wasmedge-debugsource
Sources
NVD
Debian 13 Severity MEDIUM No Fix Added at: Dec 31, 2025
Debian 14 Severity HIGH Has Fix Added at: Dec 31, 2025
Echo Severity HIGH No Fix Added at: Dec 31, 2025
Homebrew Severity HIGH No Fix Added at: Mar 09, 2026
Nix Severity HIGH No Fix Added at: Mar 09, 2026
Wiz
CVE-2026-0881 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-0881 [CRITICAL] CVE-2026-0881 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0881 : NixOS vulnerability analysis and mitigation
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Source : NVD
Score 10
Published January 13, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Jan 23, 2026
Nix Severity CRITICAL Has Fix Added at: Jan 23, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Jan 15, 2026
Linux Severity CRITICAL
Wiz
CVE-2026-1739 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-1739 [MEDIUM] CVE-2026-1739 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1739 : NixOS vulnerability analysis and mitigation
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
Source : NVD
Score 5.5
Published February 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.2
Wiz
CVE-2025-48654 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-48654 [HIGH] CVE-2025-48654 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48654 : NixOS vulnerability analysis and mitigation
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-1145 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1145 [MEDIUM] CVE-2026-1145 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1145 : NixOS vulnerability analysis and mitigation
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.
Source : NVD
Score 5.3
Published January 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.3
Exploitation Probability (EPSS) 0
Wiz
CVE-2025-66023 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2025-66023 [MEDIUM] CVE-2025-66023 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66023 : NixOS vulnerability analysis and mitigation
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). The vulnerability is triggered when NanoMQ acts as a bridge connecting to a remote MQTT broker. A malicious remote broker can trigger a crash (Denial of Service) or potential memory corruption by accepting the connection and immediately sending a malformed packet sequence. Version 0.34.5 contains a patch. The patch enforces stricter protocol adherence in the MQTT client SDK embedded in NanoMQ. Specifically, it ensures that CONNACK is always the first packet processed in the line. This prevents the
Wiz
CVE-2025-15412 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15412 [MEDIUM] CVE-2025-15412 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15412 : NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report, someone recommended that the researcher provide a PR themselves.
Source : NVD
Score 4.8
Published January 1, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N
Wiz
CVE-2026-3606 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3606 [MEDIUM] CVE-2026-3606 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3606 : NixOS vulnerability analysis and mitigation
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 4.8
Published March 5, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Wiz
CVE-2025-14325 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-14325 [HIGH] CVE-2025-14325 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14325 : NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
Score 7.3
Published December 9, 2025
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-common
firefox-debugsource
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14 Severity
Wiz
CVE-2026-27570 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-27570 [MEDIUM] CVE-2026-27570 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27570 : NixOS vulnerability analysis and mitigation
ai_bot_public_sharing_allowed_groups
Source : NVD
Score 5.1
Published March 19, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
CVE-2026-2767 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2767 [CRITICAL] CVE-2026-2767 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2767 : NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
MozillaFirefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix Added at: Fe
Wiz
CVE-2026-2242 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2242 [MEDIUM] CVE-2026-2242 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2242 : NixOS vulnerability analysis and mitigation
A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.
Source : NVD
Score 4.8
Published February 9, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-2887 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2887 [MEDIUM] CVE-2026-2887 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2887 : NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. Upgrading to version 2026.1 will fix this issue. The name of the patch is 8ba49f98ccfc9734ef352146806433a41d9f9aa6. It is advisable to upgrade the affected component.
Source : NVD
Score 4.8
Published February 21, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-31959 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-31959 [MEDIUM] CVE-2026-31959 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31959 : NixOS vulnerability analysis and mitigation
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When retrieving submission logs, Quill fetches a URL provided in the API response without validating that the scheme is https or that
Wiz
CVE-2026-22245 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-22245 [HIGH] CVE-2026-22245 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22245 : NixOS vulnerability analysis and mitigation
ALLOWED_PRIVATE_ADDRESSES
Source : NVD
Score 7.1
Published January 8, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Mastodon
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:joinmastodon:mastodon
mastodon
Sources
Nix Severity HIGH Has Fix Added at: Jan 19, 2026
Linux Severity HIGH Has Fix Added at: Jan 11, 2026
Linux Severity HIGH Has Fix Added at: Jan 19, 2026
Wiz
CVE-2026-26977 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-26977 [MEDIUM] CVE-2026-26977 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26977 : NixOS vulnerability analysis and mitigation
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.
Source : NVD
Score 6.9
Published February 20, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
learning
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-4702 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4702 [HIGH] CVE-2026-4702 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4702 : NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak
rhel10::thunderbird-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar
Wiz
CVE-2026-33682 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33682 [MEDIUM] CVE-2026-33682 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33682 : NixOS vulnerability analysis and mitigation
ComponentRequestHandler
os.path.realpath()
Path.resolve()
\\attacker-controlled-host\share
Source : NVD
Score 4.8
Published March 26, 2026
Severity MEDIUM
CNA Score 4.7
Affected Technologies
NixOS
Streamlit
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
streamlit
Sources
NVD
pip Severity MEDIUM Has Fix Added at: Mar 26, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-4370 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-4370 [MEDIUM] CVE-2026-4370 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4370 : NixOS vulnerability analysis and mitigation
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.
Source : NVD
Score 10
Published April 1, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Wiz
CVE-2025-20786 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20786 [MEDIUM] CVE-2025-20786 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20786 : NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
Source : NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-24678 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-24678 [HIGH] CVE-2026-24678 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24678 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
Source : NVD
Score 8.7
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-debugsource
freerdp-server-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.
Wiz
CVE-2025-65791 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-65791 [CRITICAL] CVE-2025-65791 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65791 : NixOS vulnerability analysis and mitigation
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec() function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php.
Source : NVD
Score 9.8
Published February 18, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 50
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
zoneminder
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Feb 19, 2026
Echo Severity CRITICAL
Wiz
CVE-2023-53944 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2023-53944 [HIGH] CVE-2023-53944 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-53944 : NixOS vulnerability analysis and mitigation
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
Source : NVD
Score 7.1
Published December 18, 2025
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 46.1
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
webserver
Sources
NVD
Nix Severity MEDIUM No Fix Added at: D
Wiz
CVE-2026-4179 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-4179 [MEDIUM] CVE-2026-4179 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4179 : NixOS vulnerability analysis and mitigation
Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
Source : NVD
Score 6.1
Published March 16, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zephyr
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2026-20409 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-20409 [HIGH] CVE-2026-20409 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20409 : NixOS vulnerability analysis and mitigation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
Source : NVD
Score 7.8
Published February 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 08, 2026
Wiz
CVE-2026-30852 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-30852 [MEDIUM] CVE-2026-30852 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30852 : NixOS vulnerability analysis and mitigation
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request.header.X-Input}, the header value gets resolved once (expected), then passed through repl.ReplaceAll() again (the bug). This means an attacker can put {env.DATABASE_URL} or {file./etc/passwd} in a request header and the server will evaluate it, leaking environment variables, file contents, and system info. This issue has been patched in version 2.11.2.
Source : NVD
Score 5.5
Published March 7, 2026
Severity MEDIUM
CNA Score 5.5
Wiz
CVE-2025-20805 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20805 [MEDIUM] CVE-2025-20805 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20805 : NixOS vulnerability analysis and mitigation
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.
Source : NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-0967 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-0967 [MEDIUM] CVE-2026-0967 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0967 : NixOS vulnerability analysis and mitigation
match_pattern()
Source : NVD
Score 5.5
Published March 26, 2026
Severity MEDIUM
CNA Score 2.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libssh-config
libssh-debuginfo
Sources
NVD
Chainguard No Fix Added at: Apr 02, 2026
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Feb 12, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Feb 12, 2026
Echo Severity MEDIUM No Fix Added at: Feb 12, 2026
Homebrew Severity MEDIUM No Fix Added at: Apr 05, 2026
MinimOS Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-31806 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-31806 [CRITICAL] CVE-2026-31806 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31806 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to ove
Wiz
CVE-2026-4710 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4710 [HIGH] CVE-2026-4710 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4710 : NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29,
Wiz
CVE-2025-28164 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-28164 [MEDIUM] CVE-2025-28164 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-28164 :
NixOS vulnerability analysis and mitigation
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
Source : NVD
## 5.5
Score
Published January 27, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libpng16-devel-32bit
seal-libpng1.6
Sources
NVD
Alpine 3.17, 3.18, 3.19 Severity MEDIUM No Fix Added at: Feb 08, 2026
Chainguard No Fix Added at: Feb 08, 2026
Debian 11, 12 Severity LOW No Fix Added at: Jan 28, 2026
Debian 13, 14
Wiz
CVE-2026-33222 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33222 [MEDIUM] CVE-2026-33222 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33222 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, if developers have configured users to have limited JetStream restore permissions, temporarily remove those permissions.
Source : NVD
## 4.9
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-24683 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-24683 [HIGH] CVE-2026-24683 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24683 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. This vulnerability is fixed in 3.22.0.
Source : NVD
## 8.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libfreerdp-server-proxy3-3
libuwac0-0
Sources
NVD
Wiz
CVE-2026-2771 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2771 [CRITICAL] CVE-2026-2771 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2771 :
NixOS vulnerability analysis and mitigation
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-devel
MozillaThunderbird-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Wiz
CVE-2025-28162 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-28162 [MEDIUM] CVE-2025-28162 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-28162 :
NixOS vulnerability analysis and mitigation
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
Source : NVD
## 5.5
Score
Published January 27, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libpng-debuginfo
libpng
Sources
NVD
Alpine 3.17, 3.18, 3.19 Severity MEDIUM No Fix Added a
Wiz
CVE-2026-33223 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33223 [MEDIUM] CVE-2026-33223 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33223 :
NixOS vulnerability analysis and mitigation
Nats-Request-Info:
Source : NVD
## 5.4
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 6.4
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rke2-runtime-1.33
k3s
Sources
NVD
Chainguard Has Fix Added at: Mar 26, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2026
MinimOS
Wiz
CVE-2025-48609 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2025-48609 [CRITICAL] CVE-2025-48609 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48609 :
NixOS vulnerability analysis and mitigation
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 9.1
Score
Published March 2, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-31836 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2026-31836 [HIGH] CVE-2026-31836 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31836 :
NixOS vulnerability analysis and mitigation
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
Source : NVD
## 8.1
Score
Published March 20, 2026
Wiz
CVE-2026-25161 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-25161 [HIGH] CVE-2026-25161 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25161 :
NixOS vulnerability analysis and mitigation
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across user boundaries within the same storage mount. This issue has been patched in version 3.57.0.
Source : NVD
## 8.8
Score
Published February 4, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2020-36993 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2020-36993 [MEDIUM] CVE-2020-36993 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-36993 :
NixOS vulnerability analysis and mitigation
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
Source : NVD
## 5.1
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
limesurvey
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 02, 2026
Wiz
CVE-2026-3351 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3351 [MEDIUM] CVE-2026-3351 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3351 :
NixOS vulnerability analysis and mitigation
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
Source : NVD
## 2.1
Score
Published March 3, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
lxd
github.com/canonical/lxd
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Mar 05, 2026
Nix Severity MEDIUM No Fix Added at: Mar 13, 2026
Wiz
CVE-2025-14930 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14930 [HIGH] CVE-2025-14930 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14930 :
NixOS vulnerability analysis and mitigation
Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of weights. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28309.
Source : NVD
## 7.8
Score
Published December 23, 2025
Wiz
CVE-2026-33749 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33749 [MEDIUM] CVE-2026-33749 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33749 :
NixOS vulnerability analysis and mitigation
/rest/binary-data
Content-Disposition
Content-Security-Policy
Source : NVD
## 6.3
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity MEDIUM Has Fix Added at: Mar 29, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 29, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2026-27624 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2026-27624 [HIGH] CVE-2026-27624 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27624 :
NixOS vulnerability analysis and mitigation
Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv4-mapped IPv6 is not covered. When sending a "CreatePermission" or "ChannelBind" request with the "XOR-PEER-ADDRESS" value of "::ffff:127.0.0.1", a successful response is received, even though "127.0.0.0/8" is blocked via "denied-peer-ip". The root cause is that, prior to the updated fix implemented in version 4.9.0, three functions in "src/client/ns_turn_ioaddr.c" do not check "IN6_IS_ADDR_V4MAPPED". "ioa_addr_is_loopback()" checks "127.x.x.x" (AF_I
Wiz
CVE-2026-30797 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-30797 [CRITICAL] CVE-2026-30797 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30797 :
NixOS vulnerability analysis and mitigation
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler.
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
## 9.3
Score
Published March 5, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.8
Wiz
CVE-2026-21888 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-21888 [HIGH] CVE-2026-21888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21888 :
NixOS vulnerability analysis and mitigation
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.
Source : NVD
## 7.5
Score
Published March 11, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nanomq
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 19, 2026
Wiz
CVE-2026-2184 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-2184 [MEDIUM] CVE-2026-2184 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2184 :
NixOS vulnerability analysis and mitigation
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years.
Source : NVD
## 6.9
Score
Published February 8, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-14022 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2025-14022 [HIGH] CVE-2025-14022 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14022 :
NixOS vulnerability analysis and mitigation
LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network processing, causing server certificate verification to be disabled for a significant portion of network traffic, which could allow a network-adjacent attacker to intercept or modify encrypted communications.
Source : NVD
## 6.8
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 7.7
Affected Technologies
NixOS
Line
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-2644 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2644 [MEDIUM] CVE-2026-2644 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2644 :
NixOS vulnerability analysis and mitigation
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648 causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 4.8
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-20796 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20796 [HIGH] CVE-2025-20796 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20796 :
NixOS vulnerability analysis and mitigation
In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-22184 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
CVE-2026-22184 [MEDIUM] CVE-2026-22184 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22184 :
NixOS vulnerability analysis and mitigation
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
Source : NVD
## 4.6
Score
Published January 7, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
NixOS
rsync
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Wiz
CVE-2026-32828 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.0
CVE-2026-32828 [LOW] CVE-2026-32828 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32828 :
NixOS vulnerability analysis and mitigation
Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most critically the cloud instance metadata endpoint (169.254.169.254), enabling exfiltration of sensitive data such as IAM credentials. These steps provide full control over request headers and methods, rendering cloud provider header-based SSRF mitigations ineffective. An authenticated attacker with permissions to create/update Stages or craft Promotion resources can exploit this by submitting a malicious Promotion manifest, with res
Wiz
CVE-2026-30942 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-30942 [HIGH] CVE-2026-30942 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30942 :
NixOS vulnerability analysis and mitigation
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL parameter is passed to path.join() without sanitization, and getFileStream() performs no path validation, enabling %2F-encoded ../ sequences to escape the uploads/avatars/ directory and read any file accessible to the nextjs process under /app/. Authentication is enforced by Next.js middleware. However, on instances with open registration enabled (the default), any attacker can self-register and immediately exploit this. This vulnerab
Wiz
CVE-2025-68666 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2025-68666 [MEDIUM] CVE-2025-68666 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68666 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, user archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/post content made by the users is leaked through the archives, leading to a breach of confidentiality. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. To work around this problem, a site admin can temporarily revoke the moderation role from all moderators until the Discourse instance has been upgraded to a version that has been patched.
Source : NVD
## 5.9
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 5.9
Wiz
CVE-2025-14023 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2025-14023 [LOW] CVE-2025-14023 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14023 :
NixOS vulnerability analysis and mitigation
LINE client for iOS prior to 15.19 allows UI spoofing due to inconsistencies between the navigation state and the in-app browser's user interface, which could create confusion about the trust context of displayed pages or interactive elements under specific conditions.
Source : NVD
## 4.3
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 3.1
Affected Technologies
NixOS
Line
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
line
cpe:2.3:a:linecorp:line
Sources
Nix Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM Has
Wiz
CVE-2026-27589 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-27589 [MEDIUM] CVE-2026-27589 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27589 :
NixOS vulnerability analysis and mitigation
127.0.0.1:2019
POST /load
enforce_origin
Source : NVD
## 6.9
Score
Published February 24, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
github.com/caddyserver/caddy/v2
caddy
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity MEDIUM Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Feb 24, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Feb 24, 2026
Echo Severity MEDIUM No Fix Added at: Feb
Wiz
CVE-2026-29110 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.2
CVE-2026-29110 [LOW] CVE-2026-29110 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29110 :
NixOS vulnerability analysis and mitigation
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time, where the actual vault is closed. Not every cleartext path is logged. Only if a filesystem request fails for some reason (e.g. damaged encrypted file, not existing file), a log message is created. This issue has been patched in version 1.19.0.
Source : NVD
## 5.3
Score
Published March 6, 2026
Severity MEDIUM
CNA Score 2.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-20968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20968 [MEDIUM] CVE-2026-20968 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20968 :
NixOS vulnerability analysis and mitigation
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Source : NVD
## 6.7
Score
Published January 9, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 19, 2026
Wiz
CVE-2025-48646 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-48646 [HIGH] CVE-2025-48646 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48646 :
NixOS vulnerability analysis and mitigation
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source : NVD
## 7.8
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-27965 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-27965 [HIGH] CVE-2026-27965 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27965 :
NixOS vulnerability analysis and mitigation
--external-decompressor
vttablet
vtbackup
cat
tee
Source : NVD
## 8.4
Score
Published February 26, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
vitess
vitess.io/vitess
Sources
NVD
CBL-Mariner 2.0 Severity HIGH Has Fix Added at: Mar 13, 2026
CBL-Mariner 3.0 Severity HIGH Has Fix Added at: Mar 04, 2026
GoLang Severity HIGH No Fix Added at: Mar 02, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-29196 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-29196 [HIGH] CVE-2026-29196 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29196 :
NixOS vulnerability analysis and mitigation
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.
Source : NVD
## 8.7
Score
Published March 7, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Wiz
CVE-2026-22214 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-22214 [MEDIUM] CVE-2026-22214 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22214 :
NixOS vulnerability analysis and mitigation
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.
Source : NVD
## 6.8
Score
Published January 12, 2026
Severity MEDIUM
CNA Score 6
Wiz
CVE-2026-3193 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.3
CVE-2026-3193 [LOW] CVE-2026-3193 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3193 :
NixOS vulnerability analysis and mitigation
A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
Source : NVD
## 2.3
Score
Published February 25, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-28372 [HIGH] · CVSS 7.4 · NixOS vulnerability analysis and mitigation | Wiz
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Source : NVD
Score 7.8
Published February 27, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
inetutils
cpe:2.3:a:gnu:i
## CVE-2025-14425 [HIGH] · CVSS 7.8 · NixOS vulnerability analysis and mitigation | Wiz
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.
Source : NVD
Score 7.8
Published December 23, 2025
Severity HIGH
CNA Score 7.8
## CVE-2025-65319 [CRITICAL] · CVSS 9.1 · NixOS vulnerability analysis and mitigation | Wiz
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
Source : NVD
Score 9.1
Published December 16, 2025
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
bluemail
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Dec 31, 2025
## CVE-2026-21788 [MEDIUM] · CVSS 5.4 · NixOS vulnerability analysis and mitigation | Wiz
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user, which leads to executing malicious script code. This may allow the attacker to steal cookie-based authentication credentials and compromise the user's account, then launch other attacks.
Source : NVD
Score 5.4
Published March 19, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12
Exploitation Probability (EPSS) N/A
Affected packages and libraries
connections
Sources
NVD
Nix Severity MEDIU
## CVE-2025-61615 [HIGH] · CVSS 7.5 · NixOS vulnerability analysis and mitigation | Wiz
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source : NVD
Score 7.5
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
## CVE-2026-27015 [MEDIUM] · CVSS 5.0 · NixOS vulnerability analysis and mitigation | Wiz
Description fragments: smartcard_unpack_read_size_align(), libfreerdp/utils/smartcard_pack.c:1703, WINPR_ASSERT, abort(), WITH_VERBOSE_WINPR_ASSERT=ON, xfreerdp /smartcard, /smartcard-logon, /smartcard
Source : NVD
Score 5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.0
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp
freerdp-libs
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity MEDIUM No Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
## CVE-2025-14430 [CRITICAL] · CVSS 9.8 · NixOS vulnerability analysis and mitigation | Wiz
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion. This issue affects Brook: from n/a through <= 2.9.0.
Source : NVD
Score 9.8
Published January 8, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
brook
Sources
NVD
Homebrew Severity CRITICAL No Fix Added at: Jan 28, 2026
Nix Severity CRITICAL No Fix Added at: Jan 28, 2026
## CVE-2026-22791 [MEDIUM] · CVSS 6.6 · NixOS vulnerability analysis and mitigation | Wiz
openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key and invoking C_WrapKey. This can lead to heap corruption or denial of service.
Source : NVD
Score 6.1
Published January 13, 2026
Severity MEDIUM
CNA Score 6.6
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
## CVE-2025-59946 [HIGH] · CVSS 7.5 · NixOS vulnerability analysis and mitigation | Wiz
NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classic data race on the sub info list which could result in a heap use-after-free crash. This issue has been patched in version 0.24.2.
Source : NVD
Score 7.5
Published December 27, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nanomq
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 02, 2026
## CVE-2025-68148 [MEDIUM] · CVSS 4.3 · NixOS vulnerability analysis and mitigation | Wiz
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds via a proxy modifying responses to 429 Retry-After for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in version 1.28.0.
Source : NVD
Score 7.5
Published December 27, 2025
Severity HIGH
CNA Score 4.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freshrss
Sources
NVD
Nix Severity HIGH Has Fix Added at: Jan 01, 2026
## CVE-2026-24684 [HIGH] · CVSS 8.7 · NixOS vulnerability analysis and mitigation | Wiz
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
Source : NVD
Score 8.7
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libuwac0-0
freerdp-server-debuginfo
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 0
## CVE-2025-34451 [MEDIUM] · CVSS 6.9 · NixOS vulnerability analysis and mitigation | Wiz
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
Source : NVD
Score 6.9
Published December 18, 2025
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
## CVE-2025-14087 [MEDIUM] · CVSS 5.6 · NixOS vulnerability analysis and mitigation | Wiz
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Source : NVD
Score 9.8
Published December 10, 2025
Severity CRITICAL
CNA Score 5.6
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 46
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
glib2-doc
rpm-ostree
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.
## CVE-2025-48642 [MEDIUM] · CVSS 5.5 · NixOS vulnerability analysis and mitigation | Wiz
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 5.5
Published March 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
## CVE-2026-22854 [MEDIUM] · CVSS 6.8 · NixOS vulnerability analysis and mitigation | Wiz
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.
Source : NVD
Score 6.8
Published January 14, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-sdl
libfreerdp3-3
Sources
NVD
## CVE-2025-48630 [HIGH] · CVSS 7.4 · NixOS vulnerability analysis and mitigation | Wiz
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 7.4
Published March 2, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
## CVE-2026-22784 [LOW] · CVSS 2.3 · NixOS vulnerability analysis and mitigation | Wiz
Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks ALL other public albums that share the same password, resulting in a complete authorization bypass. This vulnerability is fixed in 7.1.0.
Source : NVD
Score 2.3
Published January 12, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2025-12495 [HIGH] · CVSS 7.8 · NixOS vulnerability analysis and mitigation | Wiz
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946.
Source : NVD
Score 7.8
## CVE-2026-2966 [MEDIUM] · CVSS 6.3 · NixOS vulnerability analysis and mitigation | Wiz
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 6.3
Published February 23, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
## CVE-2026-2764 [CRITICAL] · CVSS 9.8 · NixOS vulnerability analysis and mitigation | Wiz
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird-flatpak
MozillaThunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian
## CVE-2026-2757 [CRITICAL] · CVSS 9.8 · NixOS vulnerability analysis and mitigation | Wiz
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaThunderbird-openpgp-librnp
cpe:2.3:a:mozilla:thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Ma
## CVE-2026-27967 [HIGH] · CVSS 7.1 · NixOS vulnerability analysis and mitigation | Wiz
Description fragments: read_file, edit_file, file_scan_exclusions, private_files
Source : NVD
Score 7.1
Published February 26, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zed
Sources
NVD
Chainguard Has Fix Added at: Mar 02, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 09, 2026
Nix Severity HIGH Has Fix Added at: Mar 09, 2026
Wolfi Has Fix Added at: Mar 02, 2026
## CVE-2026-4686 [HIGH] · CVSS 7.5 · NixOS vulnerability analysis and mitigation | Wiz
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox
MozillaFirefox-devel
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added
## CVE-2025-59949 [MEDIUM] · CVSS 5.3 · NixOS vulnerability analysis and mitigation | Wiz
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via . Version 1.27.1 patches the issue.
Source : NVD
Score 6.5
Published December 18, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freshrss
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Dec 31, 2025
## CVE-2026-22708 [HIGH] · CVSS 7.2 · NixOS vulnerability analysis and mitigation | Wiz
Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval.
This allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.
Source : NVD
Score 7.2
Published January 14, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-32310 [MEDIUM] · CVSS 5.1 · NixOS vulnerability analysis and mitigation | Wiz
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart() directly against the vault path and immediately calls Files.exists(...). This allows a malicious vault config to supply parent-directory escapes, absolute local paths, or UNC paths (e.g., masterkeyfile://attacker/share/masterkey.cryptomator). On Windows, the UNC variant is especially dangerous because Path.resolve("//attacker/share/...") becomes \attacker\share..., so the existence check can trigger outbound SMB access before the
## CVE-2025-48650 [HIGH] · CVSS 8.4 · NixOS vulnerability analysis and mitigation | Wiz
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
## CVE-2026-27166 [MEDIUM] · CVSS 4.1 · NixOS vulnerability analysis and mitigation | Wiz
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2. To workaround this issue, remove Codepen from the list of allowed iframes.
Source : NVD
Score 5.4
Published March 19, 2026
Severity MEDIUM
CNA Score 4.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
## CVE-2026-32854 [MEDIUM] · CVSS 5.1 · NixOS vulnerability analysis and mitigation | Wiz
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled.
Source : NVD
Score 6.3
Published March 24, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2025-68118 [MEDIUM] · CVSS 6.6 · NixOS vulnerability analysis and mitigation | Wiz
Description fragments: freerdp_certificate_data_hash_ uses _snprintf
Source : NVD
Score 6.6
Published December 17, 2025
Severity MEDIUM
CNA Score 6.6
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity CRITICAL No Fix Added at: Jan 03, 2026
Alpine 3.22, 3.23 Severity CRITICAL No Fix Added at: Jan 28, 2026
Chainguard Has Fix Added at: Dec 21, 2025
Homebrew Severity CRITICAL Has Fix Added at: Jan 04, 2026
Nix
## CVE-2026-24883 [LOW] · CVSS 3.7 · NixOS vulnerability analysis and mitigation | Wiz
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
Source : NVD
Score 5.5
Published January 27, 2026
Severity MEDIUM
CNA Score 3.7
Affected Technologies
NixOS
GNU Privacy Guard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpg2-lang
gnupg
Sources
Chainguard Has Fix Added at: Jan 28, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Jan 28, 2026
Echo Severity MEDIUM Has Fix Added at: Jan 28, 2026
## CVE-2026-32695 [MEDIUM] · CVSS 5.1 · NixOS vulnerability analysis and mitigation | Wiz
Description fragments: rules[].hosts[], tenant.example.com, attacker.com, headers[].exact
Source : NVD
Score 6.3
Published March 27, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
traefik
traefik-3
Sources
NVD
Chainguard Has Fix Added at: Mar 29, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH No Fix Added at: Apr 06, 2026
MinimOS Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH No Fix Added at: Apr 06, 2026
Wolfi Has Fix Added at: Mar 29, 20
## CVE-2026-21885 [MEDIUM] · CVSS 6.5 · NixOS vulnerability analysis and mitigation | Wiz
Description fragments: GET /proxy/{encodedDigest}/{encodedURL}, /proxy/...
Source : NVD
Score 6.5
Published January 8, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
miniflux
miniflux.app/v2
Sources
NVD
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity MEDIUM No Fix Added at: Jan 13, 2026
Alpine 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 28, 2026
Debian 13 Severity MEDIUM No Fix Added at: Jan 11, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Jan 11, 2026
## CVE-2025-69650 [HIGH] · CVSS 7.5 · NixOS vulnerability analysis and mitigation | Wiz
GNU Binutils through 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
Source : NVD
## 7.5
Score
Published March 6, 202
Wiz
CVE-2025-61640 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-61640 [MEDIUM] CVE-2025-61640 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61640 :
NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with the program file resources/src/mediawiki.rcfilters/ui/RclToOrFromWidget.js.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at
Wiz
CVE-2026-24122 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.7
CVE-2026-24122 [LOW] CVE-2026-24122 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24122 :
NixOS vulnerability analysis and mitigation
Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate should be considered expired. When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's "not before" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestamp authority, or using the current time. The root and all issuing certificates are assumed to be valid during the leaf ce
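The ordering problem the Cosign advisory describes is easy to reproduce with Go's standard x509 package. The following is an added example, not Cosign's own code: it constructs a CA whose validity ends before the leaf it issued (the shape of chain the advisory is about), then verifies the chain two ways. VerifyPreFix mirrors the advisory's order (chain evaluated at the leaf's "not before", leaf expiry checked against the signed timestamp) and accepts a signature made after the CA expired; VerifyAtSigningTime evaluates every certificate at the signing time and rejects it. All names, dates and the CA/leaf subjects are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed two-certificate chain: a CA whose validity ends
// before the leaf it issued. Everything is generated in-process; nothing is fetched.
type Chain struct {
	Root *x509.Certificate
	Leaf *x509.Certificate
}

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// BuildChain issues a CA valid 2025-01-01..2025-06-01 and a leaf valid
// 2025-01-01..2025-12-31, so the leaf outlives its issuer (hypothetical dates).
func BuildChain() (*Chain, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed-example-ca"},
		NotBefore:             date(2025, time.January, 1),
		NotAfter:              date(2025, time.June, 1),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "constructed-example-signer"},
		NotBefore:    date(2025, time.January, 1),
		NotAfter:     date(2025, time.December, 31),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Leaf: leaf}, nil
}

// chainValidAt evaluates the whole chain (leaf and issuer) at time t.
// Go's Verify rejects any certificate in the chain that is outside its window at t.
func chainValidAt(c *Chain, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(c.Root)
	_, err := c.Leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: t,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

// VerifyPreFix mirrors the order the advisory describes: the chain is checked at
// the leaf's NotBefore, and only the leaf's own window is checked against sigTime.
// The issuer's expiry is therefore never compared with the signing time.
func VerifyPreFix(c *Chain, sigTime time.Time) bool {
	if !chainValidAt(c, c.Leaf.NotBefore) {
		return false
	}
	return !sigTime.Before(c.Leaf.NotBefore) && !sigTime.After(c.Leaf.NotAfter)
}

// VerifyAtSigningTime checks every certificate in the chain at the signing time,
// which is the time the signed timestamp (Rekor or a TSA) attests to.
func VerifyAtSigningTime(c *Chain, sigTime time.Time) bool {
	return chainValidAt(c, sigTime)
}

func main() {
	c, err := BuildChain()
	if err != nil {
		panic(err)
	}
	sigTime := date(2025, time.September, 1) // CA already expired, leaf still inside its window
	fmt.Println("pre-fix order accepts:   ", VerifyPreFix(c, sigTime))
	fmt.Println("checked at signing time: ", VerifyAtSigningTime(c, sigTime))
}
```

The practical check is the second one: whatever time source you trust for "when was this signed" (a signed timestamp, not the leaf's own not-before) is the time at which the whole chain, root and intermediates included, has to be valid.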
Wiz
CVE-2026-2036 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2036 [HIGH] CVE-2026-2036 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2036 :
NixOS vulnerability analysis and mitigation
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27936.
Source : NVD
## 8.8
Score
Published February 20, 2026
Severity HIGH
CNA
Wiz
CVE-2026-2776 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-2776 [CRITICAL] CVE-2026-2776 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2776 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 10
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaThunderbird
thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar
Wiz
CVE-2026-33720 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33720 [MEDIUM] CVE-2026-33720 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33720 :
NixOS vulnerability analysis and mitigation
N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true
Source : NVD
## 6.3
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity MEDIUM Has Fix Added at: Mar 26, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
Wiz
CVE-2026-22040 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-22040 [MEDIUM] CVE-2026-22040 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22040 :
NixOS vulnerability analysis and mitigation
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available.
Source : NVD
## 5.3
Score
Published March 4, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (E
Wiz
CVE-2026-20979 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-20979 [HIGH] CVE-2026-20979 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20979 :
NixOS vulnerability analysis and mitigation
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
Source : NVD
## 8.4
Score
Published February 4, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 08, 2026
Wiz
CVE-2026-0882 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-0882 [HIGH] CVE-2026-0882 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0882 :
NixOS vulnerability analysis and mitigation
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 8.8
Score
Published January 13, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox_esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added a
Wiz
CVE-2026-23963 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-23963 [MEDIUM] CVE-2026-23963 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23963 :
NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or keyword. Any local user can abuse the list or filter fields to cause disproportionate storage and computing resource usage. They can additionally cause their own web interface to be unusable, although they must intentionally do this to themselves or unknowingly approve a malicious API client. Mastodon versions v4.5.5, v4.4.12, v4.3.18 are patched.
Source : NVD
## 6.5
Score
Published January 22, 2026
Severity MEDIUM
CNA Score 4.3
Wiz
CVE-2025-67229 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-67229 [CRITICAL] CVE-2025-67229 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67229 :
NixOS vulnerability analysis and mitigation
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.
Source : NVD
## 9.8
Score
Published January 23, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
builder
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Jan 30, 2026
Wiz
CVE-2026-4698 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4698 [HIGH] CVE-2026-4698 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4698 :
NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird
MozillaThunderbird-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-21865 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-21865 [MEDIUM] CVE-2026-21865 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21865 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, site admin can temporarily revoke the moderation role from untrusted moderators or remove the moderator group from the "personal message enabled groups" site setting until the Discourse instance has been upgraded to a version that has been patched.
Source : NVD
## 6.5
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
Wiz
CVE-2026-2794 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-2794 [HIGH] CVE-2026-2794 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2794 :
NixOS vulnerability analysis and mitigation
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148.
Source : NVD
## 7.5
Score
Published February 24, 2026
Severity HIGH
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH No Fix Added at: Mar 02, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIG
Wiz
CVE-2026-21696 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.3
CVE-2026-21696 [HIGH] CVE-2026-21696 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21696 :
NixOS vulnerability analysis and mitigation
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records. After Wings sends activity logs to the panel it deletes the processed activity entries from the wings SQLite database. However, it does not consider the max parameter limit of SQLite, 32766 as of SQLite 3.32.0. If wings attempts to delete more than 32766 entries from the SQLite database in one query, it triggers an error (SQL logic error: too many SQL variables (1)) and does not remove
Wiz
CVE-2026-22695 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-22695 [HIGH] CVE-2026-22695 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22695 :
NixOS vulnerability analysis and mitigation
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
Source : NVD
## 7.1
Score
Published January 12, 2026
Severity HIGH
CNA Score 6.1
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Wiz
CVE-2025-14321 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-14321 [CRITICAL] CVE-2025-14321 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14321 :
NixOS vulnerability analysis and mitigation
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 9.8
Score
Published December 9, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
rhel10::firefox-flatpak.src
firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14 Severity CRITICAL Has Fix Added
Wiz
CVE-2025-70308 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-70308 [HIGH] CVE-2025-70308 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70308 :
NixOS vulnerability analysis and mitigation
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
Source : NVD
## 7.5
Score
Published January 15, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Jan 18, 2026
Homebrew Severity HIGH No Fix Added at: Jan 26, 2026
Nix Severity HIGH No Fix Added at: Jan 26, 2026
Wiz
CVE-2025-56226 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-56226 [MEDIUM] CVE-2025-56226 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-56226 :
NixOS vulnerability analysis and mitigation
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
Source : NVD
## 5.3
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
seal-libsndfile
libsndfile
Sources
NVD
Alpine 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity MEDIUM No Fix Added at: Jan 23, 2026
Alpine 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 28, 2026
CBL-Mariner 3.0 Severity MEDIUM Has Fix Added at:
Wiz
CVE-2026-23893 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-23893 [MEDIUM] CVE-2026-23893 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23893 :
NixOS vulnerability analysis and mitigation
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. When run as root, the base code handling token directory file access, as well as several openCryptoki tools used for administrative purposes, may reset ownership or permissions on existing files inside the token directories. An attack
Wiz
CVE-2026-27936 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-27936 [MEDIUM] CVE-2026-27936 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27936 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 6.9
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
Wiz
CVE-2026-3214 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3214 [MEDIUM] CVE-2026-3214 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3214 :
NixOS vulnerability analysis and mitigation
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass. This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.
Source : NVD
## 6.5
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
captcha
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-25540 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-25540 [MEDIUM] CVE-2026-25540 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25540 :
NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via `Rails.cache`. When AUTHORIZED_FETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that depend on the account that signed the HTTP request. However, these contents are stored in an internal cache and reused with no regard to the signing actor. As a result, an empty response generated for a blocked user account may be served to requests from legitimate non-blocked actors, or conversely, content intended for non-blocked actors may be returned to blocked actors. This issue has been patched in versions 4.3.19, 4.4.13, 4.
Wiz
CVE-2025-71264 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.7
CVE-2025-71264 [LOW] CVE-2025-71264 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71264 :
NixOS vulnerability analysis and mitigation
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
Source : NVD
## 5.3
Score
Published March 16, 2026
Severity MEDIUM
CNA Score 3.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mumble
mumble-server
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 16, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 16, 2026
Echo Severity MEDIUM No Fix Added at: Mar 17, 2026
Homebrew Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-31960 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-31960 [MEDIUM] CVE-2026-31960 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31960 :
NixOS vulnerability analysis and mitigation
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS certificate validation; however, environments with TLS-intercepting proxies (common in corporate networks), compromised certificate authorities, or other trust boundary violations are at risk. When processing HTTP responses during notarization, Quill reads the entire response body into memory without any size limit. An attacker who can control or modify the response
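The defect the Quill advisory describes (a response body read into memory with no size limit) has a standard fix: cap the read and fail loudly when the cap is exceeded. The following is an added example in Go, not Quill's code, showing the unbounded pattern beside a bounded one. ReadBounded asks for limit+1 bytes so that a body exactly at the limit is accepted while one byte more is rejected rather than silently truncated; the local server in main, the 4 MiB body and the 1 MiB limit are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrBodyTooLarge is returned when a response body exceeds the caller's limit.
var ErrBodyTooLarge = errors.New("response body exceeds limit")

// ReadAllUnbounded is the pattern the advisory describes: the whole body is read
// into memory, however large the (possibly proxy-modified) response turns out to be.
func ReadAllUnbounded(r io.Reader) ([]byte, error) {
	return io.ReadAll(r)
}

// ReadBounded reads at most limit bytes. Reading limit+1 lets us distinguish
// "exactly limit bytes" (fine) from "more than limit" (reject) without draining
// the rest of the stream.
func ReadBounded(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, ErrBodyTooLarge
	}
	return buf, nil
}

// FetchBounded performs a GET and applies the limit to the response body, so a
// TLS-intercepting proxy or compromised endpoint cannot force an unbounded allocation.
func FetchBounded(client *http.Client, url string, limit int64) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return ReadBounded(resp.Body, limit)
}

func main() {
	// Constructed stand-in for the notarization API: a local server that returns
	// a 4 MiB body, as a tampering proxy could.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = w.Write([]byte(strings.Repeat("A", 4<<20)))
	}))
	defer srv.Close()

	_, err := FetchBounded(srv.Client(), srv.URL, 1<<20)
	fmt.Println("bounded fetch of 4 MiB body with 1 MiB limit:", err)

	body, err := ReadBounded(strings.NewReader(`{"status":"Accepted"}`), 1<<20)
	fmt.Println("bounded read of a normal body:", string(body), err)
}
```

Pick the limit from what the API can legitimately return (a notarization status document is small), and treat ErrBodyTooLarge as a hard failure rather than retrying, since a body that large is itself a sign that the trust boundary has been violated.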
Wiz
CVE-2025-20798 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20798 [HIGH] CVE-2025-20798 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20798 :
NixOS vulnerability analysis and mitigation
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-14324 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-14324 [CRITICAL] CVE-2025-14324 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14324 :
NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 9.8
Score
Published December 9, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox
MozillaFirefox-devel
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14 Se
Wiz
CVE-2026-2778 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-2778 [CRITICAL] CVE-2026-2778 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2778 :
NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 10
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Wiz
CVE-2026-25054 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.5
CVE-2026-25054 [HIGH] CVE-2026-25054 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25054 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.
Source : NVD
## 8.5
Score
Published February 4, 2026
Severity HIGH
CNA Score 8.5
Affected Technologies
NixOS
n8n
Has Public Exploit
Wiz
CVE-2026-0034 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0034 [HIGH] CVE-2026-0034 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0034 :
NixOS vulnerability analysis and mitigation
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-48568 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.4
CVE-2025-48568 [HIGH] CVE-2025-48568 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48568 :
NixOS vulnerability analysis and mitigation
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-69413 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-69413 [MEDIUM] CVE-2025-69413 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69413 :
NixOS vulnerability analysis and mitigation
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.
Source : NVD
## 5.3
Score
Published January 1, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity MEDIUM No Fix Added at: Jan 08, 2026
Alpine 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 28, 2026
Chainguard Has Fix Added at: Jan 01,
Wiz
CVE-2026-24681 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-24681 [HIGH] CVE-2026-24681 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24681 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urb_write_completion. This vulnerability is fixed in 3.22.0.
Source : NVD
## 8.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
winpr-devel
freerdp2-devel
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Wiz
CVE-2026-28227 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.2
CVE-2026-28227 [LOW] CVE-2026-28227 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28227 :
NixOS vulnerability analysis and mitigation
publish_to_category
Source : NVD
## 1.2
Score
Published February 26, 2026
Severity LOW
CNA Score 1.2
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-22771 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22771 [HIGH] CVE-2026-22771 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22771 :
NixOS vulnerability analysis and mitigation
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communicate with the control plane and gain access to all secrets that are used by Envoy proxy, e.g. TLS private keys and credentials used for downstream and upstream communication. This vulnerability is fixed in 1.5.7 and 1.6.2.
Source : NVD
## 8.8
Score
Published January 12, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-61634 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-61634 [MEDIUM] CVE-2025-61634 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61634 :
NixOS vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Severity LOW Has Fix Added at: Oct 03, 2025
Nix Severity LOW Has Fix Added at: Mar 19, 2026
Wiz
CVE-2025-61914 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2025-61914 [HIGH] CVE-2025-61914 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61914 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced in version 1.103.0. This behavior can enable a malicious actor with workflow creation permissions to execute arbitrary JavaScript in the context of the n8n editor interface. This issue has been patched in version 1.114.0. Workarounds for this issue involve restricting workflow creation and modification privileges to trusted users only, avoiding use of untrusted H
Wiz
CVE-2025-15274 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15274 [HIGH] CVE-2025-15274 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15274 :
NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28544.
Source : NVD
## 8.8
Score
Published December 31, 2025
Severity HIGH
CNA Score 8.8
Wiz
CVE-2025-14744 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-14744 [MEDIUM] CVE-2025-14744 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14744 :
NixOS vulnerability analysis and mitigation
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0.
Source : NVD
## 6.5
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity MEDIUM No Fix Add
Wiz
CVE-2026-0965 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.3
CVE-2026-0965 [LOW] CVE-2026-0965 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0965 :
NixOS vulnerability analysis and mitigation
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
Source : NVD
## 3.3
Score
Published March 26, 2026
Severity LOW
CNA Score 3.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-23533 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-23533 [HIGH] CVE-2026-23533 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23533 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
Source : NVD
## 7.7
Score
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-60458 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-60458 [MEDIUM] CVE-2025-60458 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-60458 :
NixOS vulnerability analysis and mitigation
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
Source : NVD
## 6.5
Score
Published December 29, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
uxplay
uxplay-beacon
Sources
NVD
Debian 12, 13 Severity MEDIUM No Fix Added at: Dec 30, 2025
Debian 14 Severity MEDIUM Has Fix Added at: Dec 30, 2025
Wiz
CVE-2026-2804 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2026-2804 [MEDIUM] CVE-2026-2804 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2804 :
NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
## 5.4
Score
Published February 24, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity MEDIUM Has Fix Added at: Mar 03, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity MEDIUM
Wiz
CVE-2025-14330 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-14330 [CRITICAL] CVE-2025-14330 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14330 :
NixOS vulnerability analysis and mitigation
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 9.8
Score
Published December 9, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-common
MozillaFirefox-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12
Wiz
CVE-2026-20425 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20425 [MEDIUM] CVE-2026-20425 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20425 :
NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
Source : NVD
## 6.7
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-20438 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.4
CVE-2026-20438 [MEDIUM] CVE-2026-20438 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20438 :
NixOS vulnerability analysis and mitigation
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.
Source : NVD
## 6.4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-68972 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2025-68972 [MEDIUM] CVE-2025-68972 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68972 :
NixOS vulnerability analysis and mitigation
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
Source : NVD
## 4.7
Score
Published December 27, 2025
Severity MEDIUM
CNA Score 5.9
Affected Technologies
NixOS
GNU Privacy Guard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-61641 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.7
CVE-2025-61641 [LOW] CVE-2025-61641 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61641 :
NixOS vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
## 1.7
Score
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Oct 03, 2025
Echo Severity MEDIUM Has Fix Added at: Nov 18, 2025
Nix Severity MEDIUM Has Fix Add
Wiz
CVE-2025-15570 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2025-15570 [MEDIUM] CVE-2025-15570 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15570 :
NixOS vulnerability analysis and mitigation
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 4.8
Score
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
lrzip
Sources
NVD
Wiz
CVE-2025-68660 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-68660 [MEDIUM] CVE-2025-68660 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68660 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the ai_discover_persona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document sets, or automated tooling, enabling unauthorized data disclosure. Because the controller also accepts arbitrary user_id, an attacker can impersonate other accounts to trigger unwanted AI conversations on their behalf, generating confusing or abusive PM traffic. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
Source : NVD
## 5.3
Score
Published January 28, 2026
Wiz
CVE-2026-29068 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-29068 [HIGH] CVE-2026-29068 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29068 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frame array can hold. This issue has been patched in version 2.17.
Source : NVD
## 8.7
Score
Published March 6, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pjsip
pjproject
Sources
NVD
Nix Severity HIGH Has Fix Added at: Mar 12, 2026
Wiz
CVE-2026-25139 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-25139 [HIGH] CVE-2026-25139 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25139 :
NixOS vulnerability analysis and mitigation
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user with the ability to send or manipulate input packets to read adjacent memory locations, or to crash a vulnerable device running the 6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t struct and dereferenced without validating that the packet is large enough to contain the struct object. At time of publication, no known patch exists.
Source : NVD
## 8.7
Score
Published February 4, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Has Public Exploit Yes
Wiz
CVE-2026-23964 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-23964 [MEDIUM] CVE-2026-23964 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23964 :
NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining the numeric subscription id. This can be used to disrupt push notifications for other users and also leaks the web push subscription endpoint. Any user with a web push subscription is impacted, because another authenticated user can tamper with their push subscription settings if they can guess or obtain the subscription id. This allows an attacker to disrupt push notifications by changing the policy (whether to filter notifications fr
Wiz
CVE-2026-34155 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34155 [MEDIUM] CVE-2026-34155 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34155 :
NixOS vulnerability analysis and mitigation
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Source : NVD
## 7.2
Score
Published March 31, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.3
Wiz
CVE-2026-26979 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-26979 [MEDIUM] CVE-2026-26979 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26979 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
Source : NVD
Published February 26, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Wiz
CVE-2026-2047 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-2047 [HIGH] CVE-2026-2047 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2047 :
NixOS vulnerability analysis and mitigation
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
Source : NVD
## 7.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.8
Wiz
CVE-2026-27824 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-27824 [MEDIUM] CVE-2026-27824 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27824 :
NixOS vulnerability analysis and mitigation
remote_addr
X-Forwarded-For
X-Forwarded-For
Source : NVD
## 5.3
Score
Published February 27, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
calibre
cpe:2.3:a:calibre-ebook:calibre
Sources
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 02, 2026
Echo Severity MEDIUM No Fix Added at: Mar 02, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 08, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 08, 2026
Wiz
CVE-2026-0888 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-0888 [MEDIUM] CVE-2026-0888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0888 :
NixOS vulnerability analysis and mitigation
Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
Source : NVD
## 5.3
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
cpe:2.3:a:mozilla:firefox
Sources
Homebrew Severity MEDIUM Has Fix Added at: Jan 23, 2026
Nix Severity MEDIUM Has Fix Added at: Jan 23, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Jan 15, 2026
Linux Severity MEDIUM Has Fix Added at: Jan 14, 2026
Wiz
CVE-2026-27495 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.4
CVE-2026-27495 [CRITICAL] CVE-2026-27495 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27495 :
NixOS vulnerability analysis and mitigation
N8N_RUNNERS_ENABLED=true
N8N_RUNNERS_MODE=external
Source : NVD
## 9.4
Score
Published February 25, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 02, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 04, 2026
Wiz
CVE-2025-68617 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-68617 [HIGH] CVE-2025-68617 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68617 :
NixOS vulnerability analysis and mitigation
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the (unloaded) DLS file are concurrently used to synthesize audio. This issue has been patched in version 2.5.2. The problem will not occur, when explicitly unloading a DLS file (before synth destruction), provided that at the time of unloading, no samples of the respective file are used by active voices. The problem will not occur in versions of FluidSynth that
Wiz
CVE-2025-15325 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2025-15325 [MEDIUM] CVE-2025-15325 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15325 :
NixOS vulnerability analysis and mitigation
Tanium addressed an improper input validation vulnerability in Discover.
Source : NVD
## 6.3
Score
Published February 5, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discover
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz
CVE-2025-15281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-15281 [HIGH] CVE-2025-15281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15281 :
NixOS vulnerability analysis and mitigation
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
Source : NVD
## 7.5
Score
Published January 20, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
glibc-langpack-az
glibc-static
Sources
NVD
AlmaLinux 8 Severity MEDIUM Has Fix Added at: Mar 20, 2026
AlmaLinux 9 Severity MED
Wiz
CVE-2025-48636 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2025-48636 [HIGH] CVE-2025-48636 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48636 :
NixOS vulnerability analysis and mitigation
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-66862 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-66862 [HIGH] CVE-2025-66862 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66862 :
NixOS vulnerability analysis and mitigation
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
Source : NVD
## 7.5
Score
Published December 29, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gcc-toolset-15-binutils-devel
gdb-gdbserver
Sources
NVD
Chainguard No Fix Added at: Jan 15, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 30, 2025
Echo Severity HIGH Has Fix Added at: Dec 30, 2025
Wiz
CVE-2026-1415 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-1415 [MEDIUM] CVE-2026-1415 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1415 :
NixOS vulnerability analysis and mitigation
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.
Source : NVD
## 4.8
Score
Published January 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Wiz
CVE-2026-29777 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2026-29777 [MEDIUM] CVE-2026-29777 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29777 :
NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, a tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.
Source : NVD
## 6.1
Score
Published March 11, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Wiz
CVE-2026-24743 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.7
CVE-2026-24743 [MEDIUM] CVE-2026-24743 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24743 :
NixOS vulnerability analysis and mitigation
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload svg files. Although administrator privileges are required to exploit it, this is still considered a critical vulnerability as it can cause actions such as unauthorized modification of application data, creation of persistent backdoors through stored malicious scripts, and full compromise of the application's integrity. Version 1.7.1 patches the issue.
Source : NVD
## 7.5
Score
Published February 18, 2026
Severity HIGH
CNA Score 5.7
Wiz
CVE-2025-15288 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2025-15288 [LOW] CVE-2025-15288 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15288 :
NixOS vulnerability analysis and mitigation
Tanium addressed an improper access controls vulnerability in Interact.
Source : NVD
## 4.3
Score
Published January 29, 2026
Severity MEDIUM
CNA Score 3.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
interact
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 10, 2026
Wiz
CVE-2026-20974 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.2
CVE-2026-20974 [MEDIUM] CVE-2026-20974 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20974: NixOS vulnerability analysis and mitigation
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
Source: NVD
Score 5.2
Published January 9, 2026
Severity MEDIUM
CNA Score 5.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 04, 2026
Wiz
CVE-2025-41077 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
CVE-2025-41077 [HIGH] CVE-2025-41077 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-41077: NixOS vulnerability analysis and mitigation
An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users and to access and modify their data. This allows users' email addresses to be modified and, subsequently, the password recovery functionality to be used to access the application by impersonating any user, including those with administrative permissions.
Source: NVD
Score 8.6
Published January 12, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
Wiz
CVE-2026-20439 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-20439 [MEDIUM] CVE-2026-20439 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20439: NixOS vulnerability analysis and mitigation
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
Source: NVD
Score 4.4
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-68697 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-68697 [HIGH] CVE-2025-68697 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68697: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including: reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions), and writing files to the host filesystem (subject to the same restrictions). This issue has been patched in version 2.0.0. Workarounds for this issue involve limiting file opera
Wiz
CVE-2025-69195 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.6
CVE-2025-69195 [HIGH] CVE-2025-69195 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69195: NixOS vulnerability analysis and mitigation
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.
Source: NVD
Score 8.8
Published January 9, 2026
Severity HIGH
CNA Score 7.6
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percenti
Wiz
CVE-2026-33983 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33983 [MEDIUM] CVE-2026-33983 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33983: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, and execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2.
Source: NVD
Score 6.5
Published March 30, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15
Exploitation Probability (EPSS) N/A
Affected
Wiz
CVE-2025-68431 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68431 [MEDIUM] CVE-2025-68431 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68431: NixOS vulnerability analysis and mitigation
HeifPixelImage::overlay()
size_t
memcpy
iovl
Source: NVD
Score 7.1
Published December 29, 2025
Severity HIGH
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libheif1
libheif-dav1d
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity HIGH Has Fix Added at: Mar 02, 2026
Alpine 3.22 Severity HIGH Has Fix Added at: Jan 25, 2026
Alpine 3.23 Severity HIGH Has Fix Added at: Feb 04, 2026
Alpine edge Severity HIGH Has Fix Added at: Jan 24, 2026
Wiz
CVE-2026-33470 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33470 [MEDIUM] CVE-2026-33470 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33470: NixOS vulnerability analysis and mitigation
/api/timeline
/api/events/{event_id}/snapshot-clean.webp
Depends(require_camera_access)
event.camera
Source: NVD
Score 4.3
Published March 26, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
frigate
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2026-27934 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-27934 [HIGH] CVE-2026-27934 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27934: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 lack visibility checks on a user action API endpoint, which results in disclosure of the title and post excerpt to unauthorized users (information disclosure). Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source: NVD
Score 8.7
Published March 19, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13
Exploitation Probability (EPSS) N/A
Affected packages and librarie
Wiz
CVE-2026-24811 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-24811 [CRITICAL] CVE-2026-24811 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24811: NixOS vulnerability analysis and mitigation
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root.
Source: NVD
Score 9.3
Published January 27, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
root
Sources
NVD
Homebrew Severity CRITICAL No Fix Added at: Feb 19, 2026
Nix Severity CRITICAL No Fix Added at: Feb 19, 2026
Wiz
CVE-2026-33751 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33751 [MEDIUM] CVE-2026-33751 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33751: NixOS vulnerability analysis and mitigation
n8n-nodes-base.ldap
NODES_EXCLUDE
Source: NVD
Score 6.3
Published March 25, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity MEDIUM Has Fix Added at: Mar 29, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
Wiz
CVE-2026-20427 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20427 [MEDIUM] CVE-2026-20427 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20427: NixOS vulnerability analysis and mitigation
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.
Source: NVD
Score 6.7
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-70888 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-70888 [CRITICAL] CVE-2025-70888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70888: NixOS vulnerability analysis and mitigation
An issue in mtrojnar osslsigncode v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component.
Source: NVD
Score 9.8
Published March 25, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 31.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
osslsigncode
Sources
NVD
Debian 11 Severity CRITICAL No Fix Added at: Mar 29, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity CRITICAL Has Fix Added at: Mar 29, 2026
Echo Severity CRITICAL No Fix Add
Wiz
CVE-2021-47857 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2021-47857 [MEDIUM] CVE-2021-47857 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2021-47857: NixOS vulnerability analysis and mitigation
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
Source: NVD
Score 5.1
Published January 21, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
moodle
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 09, 2026
Wiz
CVE-2026-26268 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.0
CVE-2026-26268 [HIGH] CVE-2026-26268 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26268: NixOS vulnerability analysis and mitigation
Cursor is a code editor built for programming with AI. In versions prior to 2.5, a sandbox escape via writing .git configuration was possible. A malicious agent (i.e. one subject to prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE the next time they are triggered. No user interaction was required, as Git executes these commands automatically. Fixed in version 2.5.
Source: NVD
Score 9.9
Published February 13, 2026
Severity CRITICAL
CNA Score 8.0
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.7
Exploitation Probability (EPSS) N/
Wiz
CVE-2026-0023 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-0023 [HIGH] CVE-2026-0023 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0023: NixOS vulnerability analysis and mitigation
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-67730 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-67730 [MEDIUM] CVE-2025-67730 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67730: NixOS vulnerability analysis and mitigation
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
Source: NVD
Score 5.1
Published December 12, 2025
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
learning
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Dec 16, 2025
Wiz
CVE-2025-14920 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14920 [HIGH] CVE-2025-14920 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14920: NixOS vulnerability analysis and mitigation
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25423.
Source: NVD
Score 7.8
Published December 23, 20
Wiz
CVE-2025-58932 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-58932 [HIGH] CVE-2025-58932 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58932: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma (prisma) allows PHP Local File Inclusion. This issue affects Prisma: from n/a through <= 1.10.
Source: NVD
Score 8.2
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
prisma
Sources
NVD
Nix Severity HIGH No Fix Added at: Dec 26, 2025
Wiz
CVE-2026-25953 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25953 [MEDIUM] CVE-2026-25953 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25953: NixOS vulnerability analysis and mitigation
xf_AppUpdateWindowFromSurface
xfAppWindow
xf_rail_get_window
Source: NVD
Score 5.5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-libs
freerdp-libs-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 13 Severity CRITICAL No Fix Added at: Mar 02, 2026
Debian 12 Severity
Wiz
CVE-2026-2634 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2634 [CRITICAL] CVE-2026-2634 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2634: NixOS vulnerability analysis and mitigation
Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22
Wiz
CVE-2026-0005 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-0005 [MEDIUM] CVE-2026-0005 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0005: NixOS vulnerability analysis and mitigation
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 6.2
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packag
Wiz
CVE-2026-0886 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-0886 [MEDIUM] CVE-2026-0886 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0886: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source: NVD
Score 5.3
Published January 13, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox_esr
MozillaThunderbird-translations-common
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Wiz
CVE-2026-20441 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20441 [MEDIUM] CVE-2026-20441 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20441: NixOS vulnerability analysis and mitigation
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.
Source: NVD
Score 6.7
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-14927 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14927 [HIGH] CVE-2025-14927 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14927: NixOS vulnerability analysis and mitigation
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must convert a malicious checkpoint.
The specific flaw exists within the convert_config function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28252.
Source: NVD
Score 7.8
Published December 23, 2025
Severity HIGH
CNA Score 7.8
Affec
Wiz
CVE-2025-61145 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.0
CVE-2025-61145 [MEDIUM] CVE-2025-61145 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61145: NixOS vulnerability analysis and mitigation
libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
Source: NVD
Score 5
Published February 23, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libtiff-static
compat-libtiff3-debuginfo
Sources
NVD
CBL-Mariner 2.0, 3.0 Severity MEDIUM Has Fix Added at: Mar 03, 2026
Debian 11, 12, 13 Severity LOW No Fix Added at: Feb 24, 2026
Debian 14 Severity LOW Has Fix Added at: Feb 24, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 24,
Wiz
CVE-2026-2759 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2759 [CRITICAL] CVE-2026-2759 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2759: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
thunderbird-flatpak
MozillaThunderbird-openpgp-librnp
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Wiz
CVE-2026-22801 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-22801 [MEDIUM] CVE-2026-22801 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22801: NixOS vulnerability analysis and mitigation
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
Source: NVD
Score 7.8
Published January 12, 2026
Severity HIGH
CNA Score 6.8
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploi
Wiz
CVE-2026-27154 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3
CVE-2026-27154 [LOW] CVE-2026-27154 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27154: NixOS vulnerability analysis and mitigation
display_name_on_posts
prioritize_username_in_ux
Source: NVD
Score 1.3
Published February 26, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-27021 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-27021 [MEDIUM] CVE-2026-27021 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27021: NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks, which allowed unauthorized access to voter details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.
Source: NVD
Score 6.9
Published February 26, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Wiz
CVE-2026-33984 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-33984 [HIGH] CVE-2026-33984 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33984: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.
Source: NVD
Score 7.5
Published March 30, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
H
Wiz
CVE-2025-61645 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2025-61645 [MEDIUM] CVE-2025-61645 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61645: NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: from * before 1.44.1.
Source: NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 09, 2026
Wiz
CVE-2026-26017 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-26017 [HIGH] CVE-2026-26017 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26017: NixOS vulnerability analysis and mitigation
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
Source: NVD
Score 6.3
Published March 6, 2026
Severity MEDIUM
CNA Score 7.7
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
kubernetes-dns-nod
Wiz
CVE-2026-2760 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-2760 [CRITICAL] CVE-2026-2760 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2760: NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 10
Published February 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
thunderbird
cpe:2.3:a:mozilla:firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02,
Wiz: CVE-2025-48641 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.0)
## CVE-2025-48641 : NixOS vulnerability analysis and mitigation
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: NVD
Score 7 (Severity HIGH); CNA Score 7.0; Published March 2, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 0.1)
Affected packages and libraries: android
Sources: NVD; Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz: CVE-2026-24744 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.7)
## CVE-2026-24744 : NixOS vulnerability analysis and mitigation
invoice_number
Source: NVD
Score 7.5 (Severity HIGH); CNA Score 5.7; Published February 18, 2026
Affected Technologies: NixOS
Has Public Exploit: Yes. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: 0.1 (percentile 15.6)
Affected packages and libraries: invoiceplane
Sources: NVD; Nix Severity HIGH No Fix Added at: Feb 24, 2026
Wiz: CVE-2026-22783 [CRITICAL] Impact, Exploitability, and Mitigation Steps (CVSS 9.6)
## CVE-2026-22783 : NixOS vulnerability analysis and mitigation
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation enables authenticated users to delete arbitrary filesystem paths. The vulnerability manifests through a three-step attack chain: authenticated users upload a file to the datastore, update the file's file_local_name field to point to an arbitrary filesystem path through mass assignment, then trigger the delete operation which removes the target file without path validation. This vulnerability is fixed in 2.4.24.
Source: NVD
Score 8
Wiz: CVE-2026-23741 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.1)
## CVE-2026-23741 : NixOS vulnerability analysis and mitigation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script sources /etc/asterisk/ast_debug_tools.conf, which resides in a folder writeable by the asterisk user and group. Because that file follows bash semantics and is sourced rather than parsed, an attacker with write permission to it may add or modify content so that, when ast_coredumper is run as root, arbitrary bash code found in /etc/asterisk/ast_debug_tools.conf is executed. This issue
Wiz: CVE-2026-3845 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.1)
## CVE-2026-3845 : NixOS vulnerability analysis and mitigation
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
Source: NVD
Score 8.8 (Severity HIGH); CNA Score 8.8; Published March 10, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 12.9)
Affected packages and libraries: cpe:2.3:a:mozilla:firefox, firefox
Sources: Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH No Fix Added at: Mar 13, 2026; Homebrew Severity HIGH Has Fix Added at: Mar 13, 2026; Nix Severity HIGH Has Fi
Wiz: CVE-2025-69644 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.0)
## CVE-2025-69644 : NixOS vulnerability analysis and mitigation
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
Source: NVD
Score 5 (Severity MEDIUM); CNA Score 5.0; Published March 6, 2026
Affected Technologies: NixOS, Wolfi
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
Exploitation Probabili
Wiz: CVE-2026-27703 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2026-27703 : NixOS vulnerability analysis and mitigation
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In 2026.01 and earlier, the default handler for the well_known_core resource coap_well_known_core_default_handler writes user-provided option data and other data into a fixed size buffer without validating the buffer is large enough to contain the response. This vulnerability allows an attacker to corrupt neighboring stack location, including security-sensitive addresses like the return address, leading to denial of service or arbitrary code execution.
Source: NVD
Score 9.8 (Severity CRITICAL); CNA Score 7.5; Published March 11, 2026
Affected Technologies: NixOS
Wiz: CVE-2026-32114 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.1)
## CVE-2026-32114 : NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their identifiers. This information includes credit allocations and usage statistics which are not intended to be public. The attack is performed over the network, requires low privileges (any logged-in user), and results in a low impact on confidentiality with no impact on integrity or availability. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. To work around this issue, disable the AI plugin or upgrade to a patched version.
Wiz: CVE-2026-2777 [CRITICAL] Impact, Exploitability, and Mitigation Steps (CVSS 9.8)
## CVE-2026-2777 : NixOS vulnerability analysis and mitigation
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8 (Severity CRITICAL); CNA Score 9.8; Published February 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: 0.1 (percentile 19.8)
Affected packages and libraries: MozillaFirefox-branding-upstream, firefox-debuginfo
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026; Debian 11, 12
Wiz: CVE-2026-4697 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2026-4697 : NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 7.5 (Severity HIGH); CNA Score 7.5; Published March 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 5.2)
Affected packages and libraries: MozillaThunderbird, MozillaThunderbird-translations-common
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026; Chainguard Has Fix A
Wiz: CVE-2026-25548 [CRITICAL] Impact, Exploitability, and Mitigation Steps (CVSS 9.1)
## CVE-2026-25548 : NixOS vulnerability analysis and mitigation
public_invoice_template
Source: NVD
Score 9.1 (Severity CRITICAL); CNA Score 9.1; Published February 18, 2026
Affected Technologies: NixOS
Has Public Exploit: Yes. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: 0.2 (percentile 41.1)
Affected packages and libraries: invoiceplane
Sources: NVD; Nix Severity CRITICAL Has Fix Added at: Feb 24, 2026
Wiz: CVE-2026-33355 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.1)
## CVE-2026-33355 : NixOS vulnerability analysis and mitigation
/private-posts
Source: NVD
Score 6.5 (Severity MEDIUM); CNA Score 6.5; Published March 19, 2026
Affected Technologies: NixOS, Discourse
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 1.6)
Affected packages and libraries: discourse, cpe:2.3:a:discourse:discourse
Sources: Nix Severity MEDIUM No Fix Added at: Mar 26, 2026; Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026; Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz: CVE-2026-0534 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.1)
## CVE-2026-0534 : NixOS vulnerability analysis and mitigation
A maliciously crafted HTML payload, stored in a part's attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Source: NVD
Score 8.1 (Severity HIGH); CNA Score 7.1; Published January 22, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 5.3)
Affected packages and libraries: fusion
Sources: NVD; Nix Severity HIGH Has Fix Added at: Feb 02, 2026
Wiz: CVE-2026-30889 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.3)
## CVE-2026-30889 : NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.
Source: NVD
Score 5.3 (Severity MEDIUM); CNA Score 5.3; Published March 20, 2026
Affected Technologies: NixOS, Discourse
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 8.6)
Affected packages and libraries: discourse, cpe:2.3:a:discourse:discourse
Sources: Nix Severity MEDIUM No Fix Ad
Wiz: CVE-2026-20978 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.8)
## CVE-2026-20978 : NixOS vulnerability analysis and mitigation
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Source: NVD
Score 5.8 (Severity MEDIUM); CNA Score 5.8; Published February 4, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 0.4)
Affected packages and libraries: android
Sources: NVD; Nix Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz: CVE-2025-67873 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 4.8)
## CVE-2025-67873 : NixOS vulnerability analysis and mitigation
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
Source: NVD
Score 7.8 (Severity HIGH); CNA Score 4.8; Published December 17, 2025
Affected Technologies: NixOS, Rocky Linux
Has Public Exploit: Yes. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 3.9)
Affected packages and libraries: rubygem-mongo-doc, rubygem-mysql2
Wiz: CVE-2026-31883 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 6.5)
## CVE-2026-31883 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to a heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.
Source: NVD
Score 9.8
Publ
Wiz: CVE-2026-30915 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.3)
## CVE-2026-30915 : NixOS vulnerability analysis and mitigation
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the placeholder is not strictly sanitized against relative path components. Consequently, if a user is created with a specially crafted username the resulting path may resolve to a parent directory instead of the intended sub-directory. This issue is fixed in version v2.7.1.
Source: NVD
Score 5.3 (Severity MEDIUM); CNA Score 5.3; Published March 13, 2026
Affected Technologies: NixOS
Wiz: CVE-2025-67936 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 8.1)
## CVE-2025-67936 : NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.
Source: NVD
Score 8.1 (Severity HIGH); CNA Score 8.1; Published January 8, 2026
Affected Technologies: NixOS, WordPress
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: 0.1 (percentile 17.6)
Affected packages and libraries: curly
Sources: NVD; Nix Severity HIGH Has Fix Added at: Jan 30, 2026
Wiz: CVE-2025-33226 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.8)
## CVE-2025-33226 : NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Source: NVD
Score 7.8 (Severity HIGH); CNA Score 7.8; Published December 16, 2025
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: 0.2 (percentile 40.5)
Affected packages and libraries: nemo
Sources: NVD; Nix Severity HIGH Has Fix Added at: Jan 12, 2026
Wiz: CVE-2026-20416 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.2)
## CVE-2026-20416 : NixOS vulnerability analysis and mitigation
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.
Source: NVD
Score 7.2 (Severity HIGH); CNA Score 7.2; Published March 2, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 6.2)
Affected packages and libraries: android
Sources: NVD; Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz: CVE-2025-65411 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2025-65411 : NixOS vulnerability analysis and mitigation
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
Source: NVD
Score 7.5 (Severity HIGH); CNA Score 7.5; Published December 30, 2025
Affected Technologies: NixOS, Homebrew
Has Public Exploit: Yes. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 8)
Affected packages and libraries: unrtf
Sources: NVD; Alpine 3.19, 3.20, 3.21, edge Severity HIGH No Fix Added at: Jan 11, 2026; Alpine 3.22, 3.23 Severity HIGH No Fix Added at: Jan 28, 2026; Debian 11, 12, 13, 14 Severity LOW N
Wiz: CVE-2026-4716 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2026-4716 : NixOS vulnerability analysis and mitigation
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 9.1 (Severity CRITICAL); CNA Score 9.1; Published March 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 6)
Affected packages and libraries: cpe:2.3:a:mozilla:firefox, MozillaFirefox
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026; Chainguard Has Fix
Wiz: CVE-2026-4687 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2026-4687 : NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 8.6 (Severity HIGH); CNA Score 9.6; Published March 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 6.4)
Affected packages and libraries: MozillaFirefox-branding-upstream, cpe:2.3:a:mozilla:firefox
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar
Wiz: CVE-2026-25636 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 8.2)
## CVE-2026-25636 : NixOS vulnerability analysis and mitigation
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
Source: NVD
Score 7.8 (Severity HIGH); CNA Score 8.2; Published February 6, 2026
Affected Technologies: NixOS, Homebrew
Has Public Exploit: Yes. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
Exploitation Probability Percentile (EPSS)
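The DFIR-IRIS datastore entry (CVE-2026-22783), the SFTPGo placeholder entry (CVE-2026-30915) and the calibre CipherReference entry (CVE-2026-25636) above are three instances of the same two mistakes: letting a client-controlled value set an internal path field, and trusting a path built from untrusted input without proving it still lies inside the directory it belongs to. The following is an added illustration of both checks, not code from any of those projects; the roots, the record layout, the allowlist of client-settable fields and the username policy are constructed for the example.

```python
"""Added illustration, not code from DFIR-IRIS, SFTPGo or calibre: reject
client assignment of internal path fields, and confine every untrusted path to
the directory it is supposed to live in.  All roots and inputs are constructed."""
import posixpath
import re

DATASTORE_ROOT = "/srv/iris/datastore"            # constructed
GROUP_HOME_TEMPLATE = "/srv/sftp/groups/%username%"  # constructed
EPUB_EXTRACT_DIR = "/tmp/epub-extract"            # constructed

# Fields a client may change on a datastore record.  The server-managed
# file_local_name is deliberately absent (constructed allowlist).
CLIENT_UPDATABLE = frozenset({"file_original_name", "file_description", "file_tags"})

# A username that may become a path component: no separators and no leading
# dot, so '.', '..' and '../x' can never be produced (constructed policy).
SAFE_USERNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def confine(base: str, candidate: str) -> str:
    """Return candidate resolved under base, or raise ValueError if it escapes.

    Lexical check (normpath + commonpath): it catches '..', absolute
    candidates and the '/base' vs '/base2' prefix trick.  It does not see
    symlinks already present under base; run os.path.realpath on the existing
    path before unlinking or opening it read-write.
    """
    if not posixpath.isabs(base):
        raise ValueError(f"base must be absolute: {base!r}")
    base = posixpath.normpath(base)
    resolved = posixpath.normpath(posixpath.join(base, candidate))
    if resolved == base or posixpath.commonpath([base, resolved]) != base:
        raise ValueError(f"{candidate!r} escapes {base}")
    return resolved


def is_confined(base: str, candidate: str) -> bool:
    try:
        confine(base, candidate)
        return True
    except ValueError:
        return False


def rejected_fields(client_fields: dict) -> list:
    """Names in a client update that are not client-settable."""
    return sorted(set(client_fields) - CLIENT_UPDATABLE)


def update_record(record: dict, client_fields: dict) -> dict:
    """Apply a client update; fail loudly instead of silently mass-assigning."""
    bad = rejected_fields(client_fields)
    if bad:
        raise PermissionError(f"not client-settable: {bad}")
    return {**record, **client_fields}


def delete_target(record: dict) -> str:
    """Path the delete operation would unlink, proven to lie inside the datastore."""
    return confine(DATASTORE_ROOT, record["file_local_name"])


def safe_username(username: str) -> bool:
    return SAFE_USERNAME.fullmatch(username) is not None


def expand_home(template: str, username: str) -> str:
    """Substitute %username% and confine the result under the template's fixed prefix."""
    if not safe_username(username):
        raise ValueError(f"unsafe username: {username!r}")
    prefix = template.split("%username%", 1)[0]
    return confine(prefix, template.replace("%username%", username))


def is_container_relative(uri: str) -> bool:
    """A CipherReference must be a relative path inside the EPUB container."""
    return "://" not in uri and not uri.startswith("/") and "\\" not in uri


def cipher_reference_path(extract_dir: str, uri: str) -> str:
    """Map a CipherReference URI onto a file inside the extraction directory."""
    if not is_container_relative(uri):
        raise ValueError(f"CipherReference must be container-relative: {uri!r}")
    return confine(extract_dir, uri)


if __name__ == "__main__":
    record = {"file_local_name": "2026/3f1a.bin", "file_original_name": "report.pdf"}
    print(delete_target(update_record(record, {"file_description": "evidence"})))
    for bad in ("../../etc/passwd", "/etc/passwd", "../datastore2/x"):
        print(bad, "->", is_confined(DATASTORE_ROOT, bad))
```

Two layers are used on purpose: the allowlist stops the IRIS-style attacker from ever writing `file_local_name`, and `confine` makes the delete (or the calibre-style read-write open) safe even if some other code path did. For the SFTPGo case the username regex is the primary control and `confine` is the backstop, so a later change to the regex cannot silently reopen the traversal.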
Wiz: CVE-2026-5124 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.1)
## CVE-2026-5124 : NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes in the file pkg/packet/bgp/bgp.go of the BGP Header Handler component. The manipulation leads to improper access controls. Remote exploitation is possible, but the attack is considered to have high complexity and exploitation is considered difficult. The patch is identified by commit f0f24a2a901cbf159260698211ab15c583ced131; deploying it is the recommended fix.
Source: NVD
Score 6.3 (Severity MEDIUM); CNA Score 6.3; Published March 30, 2026
Affected Technologies: NixOS, Linux Debian
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A)
CISA KEV Due
Wiz: CVE-2025-15339 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 6.5)
## CVE-2025-15339 : NixOS vulnerability analysis and mitigation
Tanium addressed an incorrect default permissions vulnerability in Discover.
Source: NVD
Score 6.5 (Severity MEDIUM); CNA Score 6.5; Published February 5, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 1.5)
Affected packages and libraries: discover
Sources: NVD; Nix Severity MEDIUM Has Fix Added at: Feb 11, 2026
Wiz: CVE-2026-2780 [CRITICAL] Impact, Exploitability, and Mitigation Steps (CVSS 9.8)
## CVE-2026-2780 : NixOS vulnerability analysis and mitigation
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source: NVD
Score 9.8 (Severity CRITICAL); CNA Score 8.8; Published February 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 4)
Affected packages and libraries: MozillaFirefox-devel, MozillaThunderbird-translations-other
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026; Debian 11, 12, 13, 14 Severity CRITI
Wiz: CVE-2026-2447 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 8.8)
## CVE-2026-2447 : NixOS vulnerability analysis and mitigation
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.
Source: NVD
Score 8.8 (Severity HIGH); CNA Score 8.8; Published February 16, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 3.9)
Affected packages and libraries: MozillaThunderbird-openpgp-librnp, MozillaThunderbird-translations-common
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026; Chaing
Wiz: CVE-2026-3086 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.8)
## CVE-2026-3086 : NixOS vulnerability analysis and mitigation
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of APS units. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28911.
Source: NVD
Score 7.8 (Severity HIGH); CNA Score 7.8; Published March 16, 2026
Wiz: CVE-2026-26031 [LOW] Impact, Exploitability, and Mitigation Steps (CVSS 1.3)
## CVE-2026-26031 : NixOS vulnerability analysis and mitigation
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed in 2.44.0.
Source: NVD
Score 1.3 (Severity LOW); CNA Score 1.3; Published February 11, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 11.3)
Affected packages and libraries: learning
Sources: NVD; Nix Severity MEDIUM Has Fix Added at: Feb 15, 2026
Wiz: CVE-2025-57783 [MEDIUM] Impact, Exploitability, and Mitigation Steps (CVSS 5.3)
## CVE-2025-57783 : NixOS vulnerability analysis and mitigation
Improper header parsing that may lead to request smuggling has been identified in Hiawatha webserver version 11.7; it allows an unauthenticated attacker to access restricted resources managed by the Hiawatha webserver.
Source: NVD
Score 5.3 (Severity MEDIUM); CNA Score 5.3; Published January 26, 2026
Affected Technologies: NixOS
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 1.6)
Affected packages and libraries: hiawatha
Sources: NVD; Nix Severity MEDIUM No Fix Added at: Feb 20, 2026
Wiz: CVE-2026-4700 [HIGH] Impact, Exploitability, and Mitigation Steps (CVSS 7.5)
## CVE-2026-4700 : NixOS vulnerability analysis and mitigation
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source: NVD
Score 9.8 (Severity CRITICAL); CNA Score 9.8; Published March 24, 2026
Affected Technologies: NixOS, Mozilla Firefox
Has Public Exploit: No. Has CISA KEV Exploit: No (CISA KEV Release Date N/A; CISA KEV Due Date N/A)
EPSS: N/A (percentile 5.9)
Affected packages and libraries: thunderbird, MozillaThunderbird-translations-common
Sources: AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026; AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026; Chainguard Has Fix Added at: Mar 29, 2026
Wiz
CVE-2026-33869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33869 [MEDIUM] CVE-2026-33869 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33869 :
NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
Source : NVD
## 4.8
Score
Published March 27, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Mastodon
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Wiz
CVE-2026-20443 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2026-20443 [MEDIUM] CVE-2026-20443 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20443 :
NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.
Source : NVD
## 6.7
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-1175 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-1175 [MEDIUM] CVE-2026-1175 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1175 :
NixOS vulnerability analysis and mitigation
A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 5.5
Score
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Wiz
CVE-2026-4707 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4707 [HIGH] CVE-2026-4707 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4707 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird-translations-other
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard
Wiz
CVE-2026-27973 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.0
CVE-2026-27973 [MEDIUM] CVE-2026-27973 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27973 :
NixOS vulnerability analysis and mitigation
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers/WebViews, potentially leading to session hijacking, data exfiltration, and unauthorized access to native device APIs. The issue is fixed in audiobookshelf-app version 0.12.0-beta, corresponding to audiobookshelf version 2.12.0.
Source : NVD
## 4.8
Score
Published February 26, 2026
Severity MEDIUM
CNA Score 4.0
Affected Technologies
NixOS
Has Public Exploit No
Wiz
CVE-2026-33218 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33218 [MEDIUM] CVE-2026-33218 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33218 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable leafnode support if not needed or restrict network connections to the leafnode port, if plausible without compromising the service offered.
Source : NVD
## 7.5
Score
Published March 25, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-14331 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-14331 [MEDIUM] CVE-2025-14331 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14331 :
NixOS vulnerability analysis and mitigation
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 6.5
Score
Published December 9, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
rhel10::thunderbird-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14
Wiz
CVE-2026-4711 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4711 [HIGH] CVE-2026-4711 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4711 :
NixOS vulnerability analysis and mitigation
Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
MozillaFirefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11, 12, 13, 14 Severity CRITICAL
Wiz
CVE-2026-33251 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33251 [MEDIUM] CVE-2026-33251 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33251 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure only trusted users are part of the Site Setting for accept_all_solutions_allowed_groups.
Source : NVD
## 5.4
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-2259 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-2259 [MEDIUM] CVE-2026-2259 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2259 :
NixOS vulnerability analysis and mitigation
A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue.
Source : NVD
## 4.8
Score
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2026-2784 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2784 [CRITICAL] CVE-2026-2784 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2784 :
NixOS vulnerability analysis and mitigation
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaThunderbird-translations-other
MozillaThunderbird-openpgp-librnp
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 1
Wiz
CVE-2025-67268 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-67268 [CRITICAL] CVE-2025-67268 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67268 :
NixOS vulnerability analysis and mitigation
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.
Source : NVD
## 9.8
Score
Published January 2, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-25051 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.5
CVE-2026-25051 [HIGH] CVE-2026-25051 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25051 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in version 1.123.2.
Source : NVD
## 8.5
Score
Published February 4, 2026
Severity HIGH
Wiz
CVE-2025-68382 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68382 [MEDIUM] CVE-2025-68382 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68382 :
NixOS vulnerability analysis and mitigation
Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Source : NVD
## 6.5
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
packetbeat
Sources
NVD
Homebrew Severity MEDIUM Has Fix Added at: Dec 26, 2025
Nix Severity MEDIUM Has Fix Added at:
Wiz
CVE-2026-4708 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4708 [HIGH] CVE-2026-4708 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4708 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Adde
Wiz
CVE-2025-65834 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-65834 [CRITICAL] CVE-2025-65834 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65834 :
NixOS vulnerability analysis and mitigation
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image processing, triggering a buffer overflow in the mlt_image_fill_white function.
Source : NVD
## 9.8
Score
Published December 16, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
shotcut
Wiz
CVE-2026-20442 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-20442 [MEDIUM] CVE-2026-20442 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20442 :
NixOS vulnerability analysis and mitigation
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.
Source : NVD
## 4.4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-0025 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0025 [HIGH] CVE-2026-0025 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0025 :
NixOS vulnerability analysis and mitigation
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-25627 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-25627 [MEDIUM] CVE-2026-25627 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25627 :
NixOS vulnerability analysis and mitigation
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.
Source : NVD
## 7.5
Score
Published March 30, 2026
Severity HIGH
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit Yes
Wiz
CVE-2025-69647 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2025-69647 [MEDIUM] CVE-2025-69647 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69647 :
NixOS vulnerability analysis and mitigation
GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
Source : NVD
## 6.2
Score
Published March 9, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
Wiz
CVE-2025-68381 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68381 [MEDIUM] CVE-2025-68381 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68381 :
NixOS vulnerability analysis and mitigation
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Source : NVD
## 6.5
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
packetbeat
Sources
NVD
Homebrew Severity MEDIUM Has Fix Added at: Dec 26, 2025
Nix Severity MEDIUM
Wiz
CVE-2025-20797 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20797 [HIGH] CVE-2025-20797 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20797 :
NixOS vulnerability analysis and mitigation
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-26973 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-26973 [MEDIUM] CVE-2026-26973 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26973 :
NixOS vulnerability analysis and mitigation
ReviewableNotesController
enable_category_group_moderation
Reviewable.find
ensure_can_see
enable_category_group_moderation
Reviewable.viewable_by(current_user)
enable_category_group_moderation
Source : NVD
## 4.3
Score
Published February 26, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fi
Wiz
CVE-2026-33433 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33433 [MEDIUM] CVE-2026-33433 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33433 :
NixOS vulnerability analysis and mitigation
headerField
x-auth-user
X-Auth-User
Source : NVD
## 5.1
Score
Published March 27, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
traefik-fips-3
github.com/traefik/traefik/v2
Sources
NVD
Chainguard Has Fix Added at: Mar 29, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH Has Fix Added at: Apr 06, 2026
MinimOS Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Apr 06, 2026
Wolfi Has Fix Added at: Mar 29, 20
Wiz
CVE-2026-23530 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-23530 [HIGH] CVE-2026-23530 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23530 :
NixOS vulnerability analysis and mitigation
freerdp_bitmap_decompress_planar
nSrcWidth
nSrcHeight
planar->maxWidth
maxHeight
Source : NVD
## 7.7
Score
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.1
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
libfreerdp3-3
uwac0-devel
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Feb 11, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL Has Fix Added at: Jan 29, 2026
Wiz
CVE-2026-32303 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32303 [MEDIUM] CVE-2026-32303 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32303 :
NixOS vulnerability analysis and mitigation
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1.
Source : NVD
## 5.9
Score
Published March 20, 2026
Severity MEDIUM
Wiz
CVE-2025-69279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-69279 [HIGH] CVE-2025-69279 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69279 :
NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source : NVD
## 7.5
Score
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 42.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
Wiz
CVE-2025-68699 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-68699 [MEDIUM] CVE-2025-68699 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68699 :
NixOS vulnerability analysis and mitigation
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly validated during the subscription stage, so the invalid Topic Filter is stored into the subscription table. Later, when any PUBLISH matches this subscription, the broker send path (nmq_pipe_send_start_v4/v5) performs a second $share/ parsing using strchr() and increments the returned pointer without NULL checks. If the second strchr() returns NULL, sub_topic++ turns the pointer into an invalid address (e.g. 0x1). This invalid pointer is then passed into
Wiz
CVE-2025-15272 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15272 [HIGH] CVE-2025-15272 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15272 :
NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28547.
Source : NVD
## 8.8
Score
Published December 31, 2025
Severity HIGH
CNA Score 8.8
Wiz
CVE-2025-56225 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-56225 [HIGH] CVE-2025-56225 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-56225 :
NixOS vulnerability analysis and mitigation
fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file.
Source : NVD
## 7.5
Score
Published January 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libfluidsynth3
mscorebc-fonts
Sources
NVD
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity HIGH No Fix Added at: Jan 23, 2026
Alpine 3.22 Severity HIGH No Fix Added at: Jan 28, 2026
Debian
Wiz
CVE-2025-68120 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-68120 [MEDIUM] CVE-2025-68120 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68120 :
NixOS vulnerability analysis and mitigation
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
Source : NVD
## 5.4
Score
Published December 30, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
go
github.com/golang/vscode-go
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Jan 01, 2026
Homebrew Severity MEDIUM Has Fix Added at: Jan 08, 2026
Nix Severity MEDIUM Has Fix Added at: Jan 08, 2026
Wiz
CVE-2025-49010 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.8
CVE-2025-49010 [LOW] CVE-2025-49010 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-49010 :
NixOS vulnerability analysis and mitigation
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Source : NVD
## 6.8
Score
Published March 30, 2026
Severity MEDIUM
CNA Score 3.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Wiz
CVE-2026-2785 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2785 [CRITICAL] CVE-2026-2785 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2785 :
NixOS vulnerability analysis and mitigation
Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird
MozillaThunderbird-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL
Wiz
CVE-2026-1437 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1437 [MEDIUM] CVE-2026-1437 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1437 :
NixOS vulnerability analysis and mitigation
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/authentication/users/edit/' endpoint.
Source : NVD
Score 5.3
Published February 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Wiz
CVE-2023-53941 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2023-53941 [CRITICAL] CVE-2023-53941 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-53941: NixOS vulnerability analysis and mitigation
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.
Source : NVD
Score 9.3
Published December 18, 2025
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 98.6
Exploitation Probability (EPSS) 68.6
Affected packages and libraries
webserver
Wiz
CVE-2025-58946 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-58946 [HIGH] CVE-2025-58946 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58946: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion. This issue affects Vocal: from n/a through <= 1.12.
Source : NVD
Score 8.2
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
vocal
Sources
NVD
Nix Severity HIGH No Fix Added at: Dec 26, 2025
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you ca
Wiz
CVE-2026-27577 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-27577 [CRITICAL] CVE-2026-27577 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27577: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions
Wiz
CVE-2026-2947 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-2947 [MEDIUM] CVE-2026-2947 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2947: NixOS vulnerability analysis and mitigation
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.1
Published February 22, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Wiz
CVE-2026-30785 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-30785 [HIGH] CVE-2026-30785 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30785: NixOS vulnerability analysis and mitigation
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
Score 8.2
Wiz
CVE-2025-70302 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-70302 [MEDIUM] CVE-2025-70302 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70302: NixOS vulnerability analysis and mitigation
A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Source : NVD
Score 5.5
Published January 15, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 26, 2026
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-25140 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25140 [HIGH] CVE-2026-25140 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25140: NixOS vulnerability analysis and mitigation
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in pkg/apk/expandapk/expandapk.go expands .apk streams without enforcing decompression limits, allowing a malicious repository to serve a small, highly-compressed .apk that inflates into a large tar stream, consuming excessive disk space and CPU time, causing build failures or denial of service. This issue has been patched in version 1.1.1.
Source : NVD
Score 7.5
Published February 4, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wiz
CVE-2025-15289 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.1
CVE-2025-15289 [LOW] CVE-2025-15289 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15289: NixOS vulnerability analysis and mitigation
Tanium addressed an improper access controls vulnerability in Interact.
Source : NVD
Score 3.1
Published February 5, 2026
Severity LOW
CNA Score 3.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
interact
Sources
NVD
Nix Severity LOW Has Fix Added at: Feb 11, 2026
## Related NixOS vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Wiz
CVE-2026-3085 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-3085 [HIGH] CVE-2026-3085 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3085: NixOS vulnerability analysis and mitigation
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28851.
Source : NVD
Score 8.8
Published March 16, 2026
Severity HIGH
CNA Score 8
Wiz
CVE-2025-58225 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
CVE-2025-58225 [HIGH] CVE-2025-58225 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58225: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion. This issue affects Paragon: from n/a through <= 1.1.
Source : NVD
Score 8.1
Published December 18, 2025
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
paragon
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 06, 2026
Wiz
CVE-2026-26740 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-26740 [HIGH] CVE-2026-26740 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26740: NixOS vulnerability analysis and mitigation
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
Wiz Threat Research note: This vulnerability's CVSS vector has been overridden to Integrity NONE by the Wiz Research team, as it's a Denial-of-Service vulnerability and does not allow code execution.
Source : NVD
Score 8.2
Published March 18, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 34
Wiz
CVE-2025-56005 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-56005 [CRITICAL] CVE-2025-56005 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-56005: NixOS vulnerability analysis and mitigation
picklefile
yacc()
.pkl
pickle.load()
pickle
__reduce__()
Wiz Threat Research note: This vulnerability's CVSS vector has been overridden to Attack Vector LOCAL by the Wiz Research team, as pickle files must be loaded on the host itself.
Source : NVD
Score 9.8
Published January 20, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 76.3
Exploitation Probability (EPSS) 0.9
Affected packages and libraries
pypy3.10-libs-debuginfo
pypy3.11-test
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Jan 26, 2026
Echo Severity CR
Wiz
CVE-2026-33525 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33525 [MEDIUM] CVE-2026-33525 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33525: NixOS vulnerability analysis and mitigation
script-src
connect-src
langauge
Source : NVD
Score 0.5
Published March 26, 2026
Severity LOW
CNA Score 0.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/authelia/authelia/v4
authelia
Sources
NVD
GoLang Severity LOW Has Fix Added at: Mar 24, 2026
Nix Severity MEDIUM No Fix Added at: Apr 05, 2026
Wiz
CVE-2026-33996 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33996 [MEDIUM] CVE-2026-33996 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33996: NixOS vulnerability analysis and mitigation
jwk2key
Source : NVD
Score 5.8
Published March 27, 2026
Severity MEDIUM
CNA Score 5.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libjwt
libjwt3
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Homebrew Severity MEDIUM Has Fix Added at: Apr 05, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wiz
CVE-2026-32240 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32240 [MEDIUM] CVE-2026-32240 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32240: NixOS vulnerability analysis and mitigation
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.
Source : NVD
Score 6.3
Published March 12, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
capnproto
Sources
NVD
Alpine 3.14, 3.15, 3.16, 3.17
Wiz
CVE-2026-33665 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-33665 [HIGH] CVE-2026-33665 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33665: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover. LDAP authentication must be configured and active (non-default). The issue has been fixed in n8n versions 2.4.0 and 1.121.0. Users should upgrade to one of t
Wiz
CVE-2026-27152 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3
CVE-2026-27152 [LOW] CVE-2026-27152 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27152: NixOS vulnerability analysis and mitigation
Chat::AddUsersToChannel
Source : NVD
Score 1.3
Published February 26, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
Wiz
CVE-2026-33395 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33395 [MEDIUM] CVE-2026-33395 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33395: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. For instances with CSP disabled only. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable the graphviz plugin, upgrade to a patched version, or enable a content security policy.
Source : NVD
Score 5.4
Published March 19, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-33248 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33248 [MEDIUM] CVE-2026-33248 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33248: NixOS vulnerability analysis and mitigation
verify_and_map
DN
DN
Source : NVD
Score 4.2
Published March 25, 2026
Severity MEDIUM
CNA Score 4.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
k3s
telegraf-1.38
Sources
NVD
Chainguard Has Fix Added at: Mar 26, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2026
MinimOS
Wiz
CVE-2026-4693 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4693 [HIGH] CVE-2026-4693 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4693: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird-translations-other
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31
Wiz
CVE-2026-2788 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2788 [CRITICAL] CVE-2026-2788 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2788: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Wiz
CVE-2025-32313 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2025-32313 [HIGH] CVE-2025-32313 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-32313: NixOS vulnerability analysis and mitigation
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-65410 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2025-65410 [MEDIUM] CVE-2025-65410 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65410: NixOS vulnerability analysis and mitigation
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.
Source : NVD
Score 6.2
Published December 23, 2025
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
unrtf
Sources
NVD
Alpine 3.19, 3.20, 3.21, edge Severity MEDIUM No Fix Added at: Jan 07, 2026
Alpine 3.22, 3.23 Severity MEDIUM No Fix Added at: Jan 28, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix A
Wiz
CVE-2025-61646 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.2
CVE-2025-61646 [LOW] CVE-2025-61646 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61646: NixOS vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Score 1.2
Published February 3, 2026
Severity LOW
CNA Score 1.2
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Oct 03, 2025
Echo Severity MEDIUM Has Fix Added at: Nov 18, 2025
Nix Severity MEDIU
Wiz
CVE-2026-2039 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2039 [CRITICAL] CVE-2026-2039 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2039: NixOS vulnerability analysis and mitigation
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.
Source : NVD
Score 9.8
Published February 20, 2026
Severity CRITICAL
CNA Score 7.3
Affected Technologies
NixOS
Homebrew
Wiz
CVE-2025-52603 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.5
CVE-2025-52603 [LOW] CVE-2025-52603 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-52603: NixOS vulnerability analysis and mitigation
HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.
Source : NVD
Score 3.5
Published February 20, 2026
Severity LOW
CNA Score 3.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
connections
Sources
NVD
Nix Severity LOW No Fix Added at: Feb 24, 2026
Wiz
CVE-2025-20787 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20787 [MEDIUM] CVE-2025-20787 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20787: NixOS vulnerability analysis and mitigation
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.
Source : NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-20415 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-20415 [MEDIUM] CVE-2026-20415 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20415: NixOS vulnerability analysis and mitigation
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.
Source : NVD
Score 5.5
Published February 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 04, 2026
Wiz
CVE-2026-23740 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-23740 [MEDIUM] CVE-2026-23740 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23740: NixOS vulnerability analysis and mitigation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission (which is all users on a Linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Source : NVD
Score 7.8
Published February 6, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Wiz
CVE-2026-2923 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-2923 [HIGH] CVE-2026-2923 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2923: NixOS vulnerability analysis and mitigation
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of coordinates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28838.
Source : NVD
Score 7.8
Published March 16, 2026
Severity HIGH
CNA Score 7.8
Wiz
CVE-2026-33537 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33537 [MEDIUM] CVE-2026-33537 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33537: NixOS vulnerability analysis and mitigation
Photo::fromUrl
Source : NVD
Score 5.3
Published March 26, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
lychee
Sources
NVD
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity MEDIUM Has Fix Added at: Apr 05, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 05, 2026
Wolfi Has Fix Added at: Mar 29, 2026
Wiz
CVE-2025-67082 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2025-67082 [MEDIUM] CVE-2025-67082 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67082: NixOS vulnerability analysis and mitigation
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing of single quotes.
Source : NVD
Score 6.5
Published January 15, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
invoiceplane
Sources
Wiz
CVE-2026-32317 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32317 [MEDIUM] CVE-2026-32317 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32317: NixOS vulnerability analysis and mitigation
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle vulnerability in the Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3.
Source : NVD
Score 5.9
Wiz
CVE-2026-25959 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25959 [MEDIUM] CVE-2026-25959 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25959: NixOS vulnerability analysis and mitigation
xf_cliprdr_provide_data_
pDstData
XChangeProperty
xf_cliprdr_server_format_data_response
xf_cliprdr_clear_cached_data
HashTable_Clear
xf_cached_data_free
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-libs-debuginfo
libwinpr-devel
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added a
Wiz
blogs_wiz·CVSS 4.8
CVE-2026-25596 [MEDIUM] CVE-2026-25596 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25596 : NixOS vulnerability analysis and mitigation
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any administrator views an invoice containing a product with the malicious unit. Version 1.7.1 patches the issue.
Source : NVD
## 4.8
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.3
Exploitation Probability (EPSS) N/A
Affected packages
Wiz
blogs_wiz·CVSS 7.5
CVE-2025-50681 [HIGH] CVE-2025-50681 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-50681 : NixOS vulnerability analysis and mitigation
recv_igmp()
inet_fmtsrc()
Source : NVD
## 7.5
Score
Published December 19, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 47.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
igmpproxy
Sources
NVD
Alpine 3.18, 3.19, 3.20, 3.21, edge Severity HIGH No Fix Added at: Jan 03, 2026
Alpine 3.22, 3.23 Severity HIGH No Fix Added at: Jan 28, 2026
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 22, 2025
Echo Severity HIGH No Fix Added at: Dec 22, 2025
Nix Severity HIGH No Fix Added at: Jan 04, 2026
Wiz
blogs_wiz·CVSS 7.5
CVE-2025-66864 [HIGH] CVE-2025-66864 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66864 : NixOS vulnerability analysis and mitigation
An issue discovered in the function d_print_comp_inner in the file cp-demangle.c in Binutils 2.26 allows attackers to cause a denial of service via a crafted PE file.
Source : NVD
## 7.5
Score
Published December 29, 2025
Severity HIGH
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gcc-toolset-14-binutils-devel
gcc-toolset-14-gdb
Sources
NVD
Chainguard No Fix Added at: Jan 15, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 30, 2025
Echo Severity HIGH Has Fix Added at: Dec 30, 2025
Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25061 [MEDIUM] CVE-2026-25061 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25061 : NixOS vulnerability analysis and mitigation
tim.bitmap[251]
handle_beacon()
Source : NVD
## 5.5
Score
Published January 29, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
tcpflow
tcpflow-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH No Fix Added at: Mar 02, 2026
Debian 11 Severity HIGH Has Fix Added at: Jan 30, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Jan 30, 2026
Debian 14 Severity HIGH No Fix Added at: Jan 30, 20
Wiz
blogs_wiz·CVSS 7.5
CVE-2026-27889 [HIGH] CVE-2026-27889 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27889 : NixOS vulnerability analysis and mitigation
NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and so is exposed to anyone who can connect to the WebSockets port. Versions 2.11.14 and 2.12.5 contain a fix. A workaround is available. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted endpoints. Where possible, restricting either of these provides defense in depth and mitigates the attack.
Source : NVD
## 7.5
Score
Published March 25, 2026
Severity HIGH
Wiz
blogs_wiz·CVSS 9.8
CVE-2025-14326 [CRITICAL] CVE-2025-14326 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14326 : NixOS vulnerability analysis and mitigation
Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146.
Source : NVD
## 9.8
Score
Published December 9, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Dec 12, 2025
Nix Severity CRITICAL Has Fix Added at: Dec 12, 2025
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Dec 11, 2025
Linux Severity CRITICA
Wiz
blogs_wiz·CVSS 6.9
CVE-2026-31965 [MEDIUM] CVE-2026-31965 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31965 : NixOS vulnerability analysis and mitigation
cram_decode_slice()
Source : NVD
## 6.9
Score
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
htslib
htslib-debuginfo
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
blogs_wiz·CVSS 2.2
CVE-2026-30888 [LOW] CVE-2026-30888 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30888 : NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifying. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 5.5
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 2.2
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2762 [CRITICAL] CVE-2026-2762 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2762 : NixOS vulnerability analysis and mitigation
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-common
MozillaThunderbird-openpgp-librnp
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Wiz
blogs_wiz·CVSS 7.3
CVE-2026-20971 [HIGH] CVE-2026-20971 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20971 : NixOS vulnerability analysis and mitigation
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
Source : NVD
## 7.3
Score
Published January 9, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 19, 2026
Wiz
blogs_wiz·CVSS 3.4
CVE-2025-14019 [LOW] CVE-2025-14019 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14019 : NixOS vulnerability analysis and mitigation
LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks.
Source : NVD
## 4.7
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 3.4
Affected Technologies
NixOS
Line
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
line
cpe:2.3:a:linecorp:line
Sources
Nix Severity MEDIUM No Fix Added at: Dec 22, 2025
Windows Severity MEDIUM Has Fix Added at: Dec 21, 2025
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33640 [MEDIUM] CVE-2026-33640 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33640 : NixOS vulnerability analysis and mitigation
Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to version 1.6.0, Outline does not invalidate OTP codes based on the number or frequency of invalid submissions; rather, it relies on the rate limiter to restrict attempts. Consequently, identified bypasses in the rate limiter permit unrestricted OTP code submissions within the code's lifetime. This allows attackers to perform brute force attacks which enable account takeover. Version 1.6.0 fixes the issue.
Source : NVD
## 9.1
Score
Published March 26, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Homebrew
Wiz
blogs_wiz·CVSS 8.5
CVE-2026-27578 [HIGH] CVE-2026-27578 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27578 : NixOS vulnerability analysis and mitigation
n8n-nodes-base.webhook
NODES_EXCLUDE
Source : NVD
## 8.5
Score
Published February 25, 2026
Severity HIGH
CNA Score 8.5
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 02, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 04, 2026
Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20778 [HIGH] CVE-2025-20778 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20778 : NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
blogs_wiz·CVSS 7.3
CVE-2025-48634 [HIGH] CVE-2025-48634 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-48634 : NixOS vulnerability analysis and mitigation
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.3
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33868 [MEDIUM] CVE-2026-33868 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33868 : NixOS vulnerability analysis and mitigation
/web/*
%2F
Source : NVD
## 6.1
Score
Published March 27, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Mastodon
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 76.1
Exploitation Probability (EPSS) 0.9
Affected packages and libraries
cpe:2.3:a:joinmastodon:mastodon
mastodon
Sources
Nix Severity MEDIUM Has Fix Added at: Apr 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 29, 2026
Linux Severity MEDIUM Has Fix Added at: Apr 02, 2026
Wiz
blogs_wiz·CVSS 5.3
CVE-2026-29775 [MEDIUM] CVE-2026-29775 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29775 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0.
Source : NVD
## 8.2
Score
Published March 13, 2026
Severity HIGH
CNA Score 5.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EP
Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4684 [HIGH] CVE-2026-4684 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4684 : NixOS vulnerability analysis and mitigation
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-esr
MozillaFirefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3889 [MEDIUM] CVE-2026-3889 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3889 : NixOS vulnerability analysis and mitigation
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Source : NVD
## 6.5
Score
Published March 24, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Mozilla Thunderbird
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak.src
MozillaThunderbird
Sources
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Mar 25, 2026
Echo Severity MEDIUM Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix A
Wiz
blogs_wiz·CVSS 7.8
CVE-2026-2045 [HIGH] CVE-2026-2045 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2045 : NixOS vulnerability analysis and mitigation
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
Source : NVD
## 7.8
Score
Published February 20, 2026
Severity HIGH
CNA Score 7.8
Wiz
blogs_wiz·CVSS 6.9
CVE-2026-3731 [MEDIUM] CVE-2026-3731 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3731 : NixOS vulnerability analysis and mitigation
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Manipulation of the argument idx can lead to an out-of-bounds read. The attack may be performed remotely. Upgrading to version 0.11.4 or 0.12.0 is sufficient to resolve this issue. The patch is identified as 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.
Source : NVD
## 6.9
Score
Published March 8, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date
Wiz
blogs_wiz·CVSS 4.3
CVE-2026-2272 [MEDIUM] CVE-2026-2272 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2272 : NixOS vulnerability analysis and mitigation
ico_read_info
ico_read_icon
Source : NVD
## 6.5
Score
Published March 26, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gimp-devel-tools
gimp:2.8::gimp-libs
Sources
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 11, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 12, 2026
Homebrew Severity MEDIUM No Fix Added at: Apr 06, 2026
Nix Severity MEDIUM No Fix Added at: Apr 06, 2026
Red Hat 6, 7, 8, 9 Severity MEDIUM No Fix Added at: Feb 11, 2026
Wiz
blogs_wiz·CVSS 5.8
CVE-2026-22772 [MEDIUM] CVE-2026-22772 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22772 : NixOS vulnerability analysis and mitigation
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses an unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF can only trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller, so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through blind SSRF. This vulnerability is fixed in 1.8.5.
Source : NVD
## 5.3
Score
Published January 12, 2026
Severity MEDIUM
CNA Score 5.8
Affected Technologies
NixOS
Podman
Has Public Exploit Y
Wiz
blogs_wiz·CVSS 1.3
CVE-2026-23497 [LOW] CVE-2026-23497 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23497 : NixOS vulnerability analysis and mitigation
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.
Source : NVD
## 1.3
Score
Published January 14, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
learning
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Jan 19, 2026
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-20989 [MEDIUM] CVE-2026-20989 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20989 : NixOS vulnerability analysis and mitigation
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
Source : NVD
## 5.1
Score
Published March 16, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity LOW No Fix Added at: Mar 22, 2026
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33247 [MEDIUM] CVE-2026-33247 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33247 : NixOS vulnerability analysis and mitigation
/debug/vars
Source : NVD
## 5.3
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 7.4
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nats-top-fips
prometheus-nats-exporter-fips
Sources
NVD
Chainguard Has Fix Added at: Mar 26, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
GoLang Severity HIGH Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32942 [MEDIUM] CVE-2026-32942 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32942 : NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.
Source : NVD
## 8
Score
Published March 20, 2026
Severity HIGH
CNA Score 8.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pjsip
Sources
NVD
Nix Severity HIGH Has Fix Added at: Mar 24, 2026
Wiz
blogs_wiz·CVSS 7.8
CVE-2025-20799 [HIGH] CVE-2025-20799 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20799 : NixOS vulnerability analysis and mitigation
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049.
Source : NVD
## 7.8
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
blogs_wiz·CVSS 6.4
CVE-2025-71276 [MEDIUM] CVE-2025-71276 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71276 : NixOS vulnerability analysis and mitigation
SOGo before 5.12.5 is prone to an XSS vulnerability in event, task, and contact categories.
Source : NVD
## 6.1
Score
Published March 22, 2026
Severity MEDIUM
CNA Score 6.4
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sogo
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 22, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 22, 2026
Echo Severity MEDIUM No Fix Added at: Mar 22, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 24, 2026
Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4717 [HIGH] CVE-2026-4717 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4717 : NixOS vulnerability analysis and mitigation
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 9.8
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33722 [MEDIUM] CVE-2026-33722 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33722 : NixOS vulnerability analysis and mitigation
externalSecret:list
Source : NVD
## 7.3
Score
Published March 25, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity HIGH Has Fix Added at: Mar 26, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
Wiz
blogs_wiz·CVSS 3.9
CVE-2025-66037 [LOW] CVE-2025-66037 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66037 : NixOS vulnerability analysis and mitigation
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
Source : NVD
## 6.8
Score
Published March 30, 2026
Severity MEDIUM
CNA Score 3.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Wiz
blogs_wiz·CVSS 9.4
CVE-2026-27497 [CRITICAL] CVE-2026-27497 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27497 : NixOS vulnerability analysis and mitigation
n8n-nodes-base.merge
NODES_EXCLUDE
Source : NVD
## 9.4
Score
Published February 25, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL Has Fix Added at: Mar 02, 2026
Nix Severity HIGH Has Fix Added at: Mar 04, 2026
## CVE-2026-25049: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.4 · [CRITICAL]
CVE-2026-25049 Impact, Exploitability, and Mitigation Steps | Wiz
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
Source : NVD
Score 9.4
Published February 4, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
NixOS
n8n
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
n8n
Sources
NVD
npm Severity CRITICAL H
## CVE-2025-64487: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.6 · [HIGH]
CVE-2025-64487 Impact, Exploitability, and Mitigation Steps | Wiz
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.
Source : NVD
Score 7.6
Published February 11, 2026
Severity HIGH
CNA Score 7.6
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
outline
Sources
NVD
Homebrew Severity HIGH Has Fix Added at: Feb 24, 2026
Nix Se
## CVE-2026-2795: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.8 · [CRITICAL]
CVE-2026-2795 Impact, Exploitability, and Mitigation Steps | Wiz
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITICAL Has Fix Added at: Feb 24, 2026
Wind
## CVE-2025-48587: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.2 · [MEDIUM]
CVE-2025-48587 Impact, Exploitability, and Mitigation Steps | Wiz
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 6.2
Published March 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
## CVE-2026-29194: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 8.6 · [HIGH]
CVE-2026-29194 Impact, Exploitability, and Mitigation Steps | Wiz
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true), a valid host token bypasses all subsequent authorization checks without verifying that the host is authorized to access the specific requested resource. Any entity possessing knowledge of object identifiers (node IDs, host IDs) can craft a request with an arbitrary valid host token to access, modify, or delete resources belonging to other hosts. Affected endpoints include node info retrieval, host deletion, MQTT signal transmission, fallback host updates, and failover operations. This issue has been patched in version 1.5.0.
S
## CVE-2026-0035: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 8.4 · [HIGH]
CVE-2026-0035 Impact, Exploitability, and Mitigation Steps | Wiz
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
## CVE-2026-0006: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.8 · [CRITICAL]
CVE-2026-0006 Impact, Exploitability, and Mitigation Steps | Wiz
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 9.8
Published March 2, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Mar 04, 2026
## CVE-2025-70307: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.5 · [HIGH]
CVE-2025-70307 Impact, Exploitability, and Mitigation Steps | Wiz
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Source : NVD
Score 7.5
Published January 15, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Jan 18, 2026
Homebrew Severity HIGH No Fix Added at: Feb 02, 2026
Nix Severity HIGH No Fix Added at: Feb 02, 2026
## CVE-2025-14327: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.5 · [HIGH]
CVE-2025-14327 Impact, Exploitability, and Mitigation Steps | Wiz
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.
Source : NVD
Score 7.5
Published December 9, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
firefox-debuginfo
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added at
## CVE-2026-25954: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.5 · [MEDIUM]
CVE-2026-25954 Impact, Exploitability, and Mitigation Steps | Wiz
xf_rail_server_local_move_size
xfAppWindow
xf_rail_get_window
railWindows
Source : NVD
Score 5.5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-plugins
freerdp-debuginfo
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13 Severity HIGH No Fix Added at: Mar 02, 2026
Debian 14 S
## CVE-2026-33165: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.1 · [MEDIUM]
CVE-2026-33165 Impact, Exploitability, and Mitigation Steps | Wiz
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.
Source : NVD
Score 5
Published March 20, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/
## CVE-2026-2803: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.5 · [HIGH]
CVE-2026-2803 Impact, Exploitability, and Mitigation Steps | Wiz
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
Score 7.5
Published February 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity HIGH Has Fix Added at: Mar 03, 2026
Nix Severity HIGH Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severi
## CVE-2026-33725: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.1 · [MEDIUM]
CVE-2026-33725 Impact, Exploitability, and Mitigation Steps | Wiz
POST /api/ee/serialization/import
INIT
Source : NVD
Score 7.2
Published March 27, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Metabase
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 57.3
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
cpe:2.3:a:metabase:metabase
metabase
Sources
Homebrew Severity HIGH Has Fix Added at: Apr 05, 2026
Nix Severity HIGH Has Fix Added at: Apr 05, 2026
Linux Severity HIGH Has Fix Added at: Mar 29, 2026
Windows Severity HIGH Has Fix Added at: Mar 29, 2026
Linux Severity HIGH Has Fix Added at: Apr 05, 2026
Windows Severity HIGH Has Fix Added at
## CVE-2026-2806: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.1 · [CRITICAL]
CVE-2026-2806 Impact, Exploitability, and Mitigation Steps | Wiz
Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
Score 9.1
Published February 24, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITI
## CVE-2026-20988: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.8 · [MEDIUM]
CVE-2026-20988 Impact, Exploitability, and Mitigation Steps | Wiz
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
Source : NVD
Score 6.8
Published March 16, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 22, 2026
## CVE-2026-22857: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.8 · [MEDIUM]
CVE-2026-22857 Impact, Exploitability, and Mitigation Steps | Wiz
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.
Source : NVD
Score 6.8
Published January 14, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libfreerdp2
freerdp2
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 Severity CRITICA
## CVE-2026-24742: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.5 · [MEDIUM]
CVE-2026-24742 Impact, Exploitability, and Mitigation Steps | Wiz
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and secrets, API key details, site setting changes, private message content, restricted category names and structures, and private chat channel titles. This allows moderators to bypass intended access controls and extract confidential data by monitoring the staff action logs. With leaked webhook secrets, an attacker could potentially spoof webhook events to integrated services. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1,
## CVE-2026-21894: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.5 · [MEDIUM]
CVE-2026-21894 Impact, Exploitability, and Mitigation Steps | Wiz
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could
## CVE-2026-26747: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.1 · [CRITICAL]
CVE-2026-26747 Impact, Exploitability, and Mitigation Steps | Wiz
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.force_url" is not set and default is "false". The application generates absolute URLs (such as those used in password reset emails) using the user-supplied Host header. This allows remote attackers to poison the password reset link sent to a victim,
Source : NVD
Score 9.1
Published February 20, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Expl
## CVE-2026-30792: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 9.1 · [CRITICAL]
CVE-2026-30792 Impact, Exploitability, and Mitigation Steps | Wiz
A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options().
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
Score 9.1
Published March 5, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Per
## CVE-2025-33249: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.8 · [HIGH]
CVE-2025-33249 Impact, Exploitability, and Mitigation Steps | Wiz
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Source : NVD
Score 7.8
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
## CVE-2026-31962: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 8.8 · [HIGH]
CVE-2026-31962 Impact, Exploitability, and Mitigation Steps | Wiz
cram_decode_seq()
Source : NVD
Score 8.8
Published March 18, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
bcftools
bcftools-debugsource
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
## CVE-2025-20803: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.7 · [MEDIUM]
CVE-2025-20803 Impact, Exploitability, and Mitigation Steps | Wiz
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.
Source : NVD
Score 6.7
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
## CVE-2026-26999: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 7.5 · [HIGH]
CVE-2026-26999 Impact, Exploitability, and Mitigation Steps | Wiz
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code attempts a second handshake with different connection parameters, silently ignoring the initial error. A remote unauthenticated client can exploit this by sending an incomplete TLS record and stopping further data transmission, causing the TLS handshake to stall indefinitely and holding connections open. By opening many such stalled connections in para
## CVE-2019-25355: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 8.7 · [HIGH]
CVE-2019-25355 Impact, Exploitability, and Mitigation Steps | Wiz
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
Source : NVD
Score 8.7
Published February 18, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 84.3
Exploitation Probability (EPSS) 2.2
Affected packages and libraries
gsoap
Sources
NVD
Echo Severity HIGH No Fix Added at: Feb 21, 2026
Homebrew Se
## CVE-2026-20973: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.3 · [MEDIUM]
CVE-2026-20973 Impact, Exploitability, and Mitigation Steps | Wiz
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
Source : NVD
Score 9.1
Published January 9, 2026
Severity CRITICAL
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Feb 04, 2026
## CVE-2026-24745: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.7 · [MEDIUM]
CVE-2026-24745 Impact, Exploitability, and Mitigation Steps | Wiz
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Login Logo functions of InvoicePlane version 1.7.0. In the Upload Login Logo, the application allows uploading svg files. Although administrator privileges are required to exploit it, this is still considered a critical vulnerability as it can cause actions such as unauthorized modification of application data, creation of persistent backdoors through stored malicious scripts, and full compromise of the application's integrity. Version 1.7.1 patches the issue.
Source : NVD
Score 7.5
Published February 18, 2026
Severity HIGH
CNA Score 5.7
Affecte
## CVE-2025-15534: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 4.8 · [MEDIUM]
CVE-2025-15534 Impact, Exploitability, and Mitigation Steps | Wiz
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.
Source : NVD
Score 4.8
Published January 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.9
Exploitation Probability (E
## CVE-2026-23738: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 3.5 · [LOW]
CVE-2026-23738 Impact, Exploitability, and Mitigation Steps | Wiz
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.
Source : NVD
Score 6.1
Published February 6, 2026
Severity MEDIUM
CNA Score 3.5
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation
## CVE-2026-2350: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.5 · [MEDIUM]
CVE-2026-2350 Impact, Exploitability, and Mitigation Steps | Wiz
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
Source : NVD
Score 6.5
Published February 20, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
interact
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 03, 2026
## CVE-2026-20440: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 6.7 · [MEDIUM]
CVE-2026-20440 Impact, Exploitability, and Mitigation Steps | Wiz
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.
Source : NVD
Score 6.7
Published March 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
## CVE-2026-4723: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.1 · [MEDIUM]
CVE-2026-4723 Impact, Exploitability, and Mitigation Steps | Wiz
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 26, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 26, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 29, 2026
Linux Severity CRI
## CVE-2026-25595: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 4.8 · [MEDIUM]
CVE-2026-25595 Impact, Exploitability, and Mitigation Steps | Wiz
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any administrator views the affected invoice or visits the dashboard. Version 1.7.1 patches the issue.
Source : NVD
Score 4.8
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
## CVE-2026-3054: NixOS vulnerability analysis and mitigation
Wiz · blogs_wiz · CVSS 5.3 · [MEDIUM]
CVE-2026-3054 Impact, Exploitability, and Mitigation Steps | Wiz
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 5.3
Score
Published February 24, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sogo
Sources
NVD
Wiz
CVE-2026-22852 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
## CVE-2026-22852 [MEDIUM]: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.
Source : NVD
## 6.8
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Wiz
CVE-2026-26271 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-26271 [MEDIUM]: NixOS vulnerability analysis and mitigation
freerdp_image_copy_from_icon_data()
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libwinpr-debuginfo
libwinpr-devel
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity MEDIUM Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity MEDIUM Has Fix
Wiz
CVE-2026-4692 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-4692 [HIGH]: NixOS vulnerability analysis and mitigation
Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 10
Score
Published March 24, 2026
Severity CRITICAL
CNA Score 9.6
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Wiz
CVE-2026-33644 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33644 [MEDIUM]: NixOS vulnerability analysis and mitigation
PhotoUrlRule.php
filter_var($host, FILTER_VALIDATE_IP)
false
Source : NVD
## 2.3
Score
Published March 26, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
lychee
Sources
NVD
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity MEDIUM Has Fix Added at: Apr 02, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 02, 2026
Wolfi Has Fix Added at: Mar 29, 2026
Wiz
CVE-2024-43766 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2024-43766 [MEDIUM]: NixOS vulnerability analysis and mitigation
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 6.5
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 05, 2026
Wiz
CVE-2026-33427 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33427 [MEDIUM]: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthenticated attacker can cause a legitimate Discourse authorization page to display an attacker-controlled domain, facilitating social engineering attacks against users. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 2.7
Score
Published March 21, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
Wiz
CVE-2026-26265 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-26265 [HIGH]: NixOS vulnerability analysis and mitigation
user_field_ids
DirectoryItemsController#index
show_on_profile
show_on_user_card
UserCardSerializer
Guardian#allowed_user_field_ids
GET /directory_items.json?period=all&user_field_ids=
user_field_ids
UserField.public_fields
enable_user_directory
Source : NVD
## 7.5
Score
Published February 26, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity HIGH No Fix Added at: Mar 03, 2026
Linux Severity HIGH Has Fix
Wiz
CVE-2026-2032 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
## CVE-2026-2032 [MEDIUM]: NixOS vulnerability analysis and mitigation
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS < 147.2.1.
Source : NVD
## 4.3
Score
Published February 16, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge
Wiz
CVE-2026-25643 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
## CVE-2026-25643 [CRITICAL]: NixOS vulnerability analysis and mitigation
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive. The go2rtc service executes these commands without restrictions. This vulnerability is only exploitable by an administrator or users who have exposed their Frigate install to the open internet with no authentication which allows anyone full administrative control. This vulnerability is fixed in 0.16.4.
Source : NVD
## 9.1
Score
Wiz
CVE-2026-0887 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
## CVE-2026-0887 [MEDIUM]: NixOS vulnerability analysis and mitigation
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
## 4.3
Score
Published January 13, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
firefox-debuginfo
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Jan 20, 2026
Wiz
CVE-2026-28364 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.9
## CVE-2026-28364 [HIGH]: NixOS vulnerability analysis and mitigation
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Source : NVD
## 7.8
Score
Published February 27, 2026
Severity HIGH
CNA Score 7.9
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ocaml-runtime-deb
Wiz
CVE-2023-53937 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.5
## CVE-2023-53937 [HIGH]: NixOS vulnerability analysis and mitigation
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application startup.
Source : NVD
## 8.5
Score
Published December 18, 2025
Severity HIGH
CNA Score 8.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
hubstaff
Sources
NVD
Homebrew Severity HIGH No Fix Added at: Jan 18, 2026
Wiz
CVE-2025-15538 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
## CVE-2025-15538 [MEDIUM]: NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
Source : NVD
## 4.8
Score
Published January 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.3
Wiz
CVE-2026-0017 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
## CVE-2026-0017 [HIGH]: NixOS vulnerability analysis and mitigation
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 7.7
Score
Published March 2, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-32113 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-32113 [MEDIUM]: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in StaticController reads the sso_destination_url cookie and redirects to it with allow_other_host: true without validating the destination URL. While this cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographically validated SSO payloads, cookies are client-controlled and can be set by attackers. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.
Source : NVD
## 5.1
Score
Published March 31, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Discourse
Wiz
CVE-2026-33423 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33423 [MEDIUM]: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 1.3
Score
Published March 20, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 29, 2026
Linux Severity MEDIUM
Wiz
CVE-2025-66646 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.7
## CVE-2025-66646 [LOW]: NixOS vulnerability analysis and mitigation
gnrc_ipv6_ext_frag
Source : NVD
## 1.7
Score
Published December 17, 2025
Severity LOW
CNA Score 1.7
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 45.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
riot
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 23, 2026
Wiz
CVE-2026-33636 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.6
## CVE-2026-33636 [HIGH]: NixOS vulnerability analysis and mitigation
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Ne
Wiz
CVE-2026-31869 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-31869 [MEDIUM]: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerController#mentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying allowed_names referencing a hidden-membership group and probing arbitrary usernames, an attacker can infer membership based on whether user_reasons returns "private" for a given user. This bypasses group member-visibility controls. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. To work around this issue, restrict the messageable policy of any hidden-membership group to staff or group members only, so untrusted users cannot reach the vulnerable code path.
Wiz
CVE-2025-56333 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2025-56333 [CRITICAL]: NixOS vulnerability analysis and mitigation
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component.
Source : NVD
## 9.8
Score
Published December 29, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 47.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
pangolin
Sources
NVD
Homebrew Severity CRITICAL Has Fix Added at: Feb 21, 2026
Nix Severity CRITICAL Has Fix Added at: Jan 11, 2026
Wiz
CVE-2025-61146 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.0
## CVE-2025-61146 [MEDIUM]: NixOS vulnerability analysis and mitigation
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.
Source : NVD
## 4
Score
Published February 23, 2026
Severity MEDIUM
CNA Score 4.0
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsixel
libsixel-debuginfo
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Feb 24, 2026
Echo Severity MEDIUM No Fix Added at: Feb 24, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 03, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-67500 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.7
## CVE-2025-67500 [LOW]: NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a given status exists by sending a request with a non-English Accept-Language header. Using this behavior, an attacker who knows the identifier of a particular status they are not allowed to see can confirm whether this status exists or not. This cannot be used to learn the contents of the status or any other property besides its existence. This issue is fixed in versions 4.2.28, 4.3.15, 4.4.10 and 4.5.3.
Source : NVD
## 3.7
Score
Published December 10, 2025
Severity LOW
Wiz
CVE-2026-27950 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
## CVE-2026-27950 [HIGH]: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the SDL2 implementation, the fix appears to have been applied only to the SDL3 code path. In the SDL2 implementation, the pointer is not nulled after free. This creates a situation where the advisory suggests the vulnerability is fully resolved, while builds or environments still using SDL2 may retain the vulnerable logic. A complete fix is available in version 3.23.0.
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wiz
CVE-2026-23739 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.0
## CVE-2026-23739 [LOW]: NixOS vulnerability analysis and mitigation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess(). If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply inpu
Wiz
CVE-2025-48602 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
## CVE-2025-48602 [HIGH]: NixOS vulnerability analysis and mitigation
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-20779 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
## CVE-2025-20779 [HIGH]: NixOS vulnerability analysis and mitigation
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.
Source : NVD
## 7
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-15031 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
## CVE-2025-15031 [CRITICAL]: NixOS vulnerability analysis and mitigation
tarfile.extractall
..
Source : NVD
## 9.1
Score
Published March 18, 2026
Severity CRITICAL
CNA Score 8.1
Affected Technologies
NixOS
MLflow
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mlflow
Sources
NVD
pip Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity CRITICAL No Fix Added at: Mar 24, 2026
Wiz
CVE-2025-11261 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2025-11261 [MEDIUM]: NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js.
This issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix
Wiz
CVE-2025-66720 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2025-66720 [HIGH]: NixOS vulnerability analysis and mitigation
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.
Source : NVD
## 7.5
Score
Published January 23, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pcf
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 12, 2026
Wiz
CVE-2026-0020 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
## CVE-2026-0020 [HIGH]: NixOS vulnerability analysis and mitigation
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-20969 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.3
## CVE-2026-20969 [LOW]: NixOS vulnerability analysis and mitigation
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows a local attacker to access a file with system privilege. User interaction is required for triggering this vulnerability.
Source : NVD
## 2.3
Score
Published January 9, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 19, 2026
Wiz
CVE-2025-14323 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2025-14323 [HIGH]: NixOS vulnerability analysis and mitigation
Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 8.8
Score
Published December 9, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaThunderbird-translations-other
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Wiz
CVE-2025-62166 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2025-62166 [HIGH]: NixOS vulnerability analysis and mitigation
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, a bug in the auth logic related to master authentication tokens allows the feed-visibility restriction to be bypassed: usually only the default user's feed should be viewable when anonymous viewing is enabled, and the feeds of other users should be private. This vulnerability is fixed in 1.28.0.
Source : NVD
## 7.5
Score
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
freshrss
Sources
NVD
Nix Severity HIGH Has Fix Added at: Mar 16
Wiz
CVE-2025-15269 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2025-15269 [HIGH]: NixOS vulnerability analysis and mitigation
FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28564.
Source : NVD
Score 8.8
Published December 31, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
## CVE-2025-15059 [HIGH] (CVSS 7.8): NixOS vulnerability analysis and mitigation
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232.
Source : NVD
Score 7.8
Published January 23, 2026
Severity HIGH
CNA Score 7.8
## CVE-2025-69278 [HIGH] (CVSS 7.5): NixOS vulnerability analysis and mitigation
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source : NVD
Score 7.5
Published March 9, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 42.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 10, 2026
## CVE-2026-33952 [MEDIUM] (CVSS 4.3): NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.
Source : NVD
Score 6
Published March 30, 2026
Severity MEDIUM
CNA Score 6.0
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
## CVE-2025-12840 [HIGH] (CVSS 7.8): NixOS vulnerability analysis and mitigation
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948.
Source : NVD
Score 7.8
## CVE-2025-60538 [MEDIUM] (CVSS 6.5): NixOS vulnerability analysis and mitigation
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
Source : NVD
Score 6.5
Published January 9, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
shiori
github.com/go-shiori/shiori
Sources
NVD
GoLang Severity MEDIUM No Fix Added at: Jan 13, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 23, 2026
Nix Severity MEDIUM No Fix Added at: Jan 23, 2026
## CVE-2026-27976 [HIGH] (CVSS 8.8): NixOS vulnerability analysis and mitigation
async_tar::Archive::unpack
writeable_path_from_extension
escape -> /
Source : NVD
Score 8.8
Published February 26, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
zed
Sources
NVD
Chainguard Has Fix Added at: Mar 02, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 09, 2026
Nix Severity HIGH Has Fix Added at: Mar 09, 2026
Wolfi Has Fix Added at: Mar 02, 2026
## CVE-2026-26984 [HIGH] (CVSS 8.8): NixOS vulnerability analysis and mitigation
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to upload a malicious file to an arbitrary location on the server. Once uploaded, the file can be used to achieve remote code execution (RCE). An attacker must be authenticated and have the appropriate permissions to exploit this issue. If the server is configured as read-only, remote code execution (RCE) is not possible; however, the malicious file upload may still be achievable. This problem is fixed in LORIS v26.0.5 and above, v27
## CVE-2026-31966 [MEDIUM] (CVSS 6.9): NixOS vulnerability analysis and mitigation
cram_decode_seq()
MD
Source : NVD
Score 6.9
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity CRITICAL No Fix Added at: Mar 19, 2026
Echo Severity CRITICAL No Fix Added at: Mar 19, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 20, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 20, 2026
## CVE-2025-62224 [MEDIUM] (CVSS 5.5): NixOS vulnerability analysis and mitigation
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
Source : NVD
Score 3.5
Published January 7, 2026
Severity LOW
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
edge
Sources
NVD
Nix Severity LOW Has Fix Added at: Feb 04, 2026
## CVE-2026-31969 [HIGH] (CVSS 7.1): NixOS vulnerability analysis and mitigation
BYTE_ARRAY_STOP
cram_byte_array_stop_decode_char()
Source : NVD
Score 7.1
Published March 18, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
htslib
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
## CVE-2026-27935 [MEDIUM] (CVSS 6.9): NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
Score 6.9
Published March 19, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.3
Exploitation Probability (EPSS) N/A
## CVE-2026-22780 [MEDIUM] (CVSS 4.4): NixOS vulnerability analysis and mitigation
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
Source : NVD
Score 6.1
Published February 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rizin
Sources
NVD
Homebrew Severity MEDIUM Has Fix Added at: Feb 24, 2026
Nix Severity MEDIUM Has Fix Added at: Feb 2
## CVE-2025-61638 [MEDIUM] (CVSS 5.1): NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
NixOS
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
## CVE-2025-33252 [HIGH] (CVSS 7.8): NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Source : NVD
Score 7.8
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 42.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
## CVE-2026-31801 [HIGH] (CVSS 7.7): NixOS vulnerability analysis and mitigation
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/{name}/manifests/{reference} as create by default, and only switches to update when the tag already exists and reference != "latest". As a result, when latest already exists, a user who is allowed to create (but not allowed to update) can still pass the authorization check for an overwrite attempt of latest. This vulnerability is fixed in 2.1.15.
Source : NVD
Score 7.7
Published March 10, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
## CVE-2026-1417 [MEDIUM] (CVSS 4.8): NixOS vulnerability analysis and mitigation
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
Source : NVD
Score 4.8
Published January 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
## CVE-2026-30853 [CRITICAL] (CVSS 9.3): NixOS vulnerability analysis and mitigation
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook (.rb) input plugin (src/calibre/ebooks/rb/reader.py) allows an attacker to write arbitrary files to any path writable by the calibre process when a user opens or converts a crafted .rb file. This is the same bug class fixed in CVE-2026-26065 for the PDB readers, but the fix was never applied to the RB reader. This vulnerability is fixed in 9.5.0.
Source : NVD
Score 8.2
Published March 13, 2026
Severity HIGH
CNA Score 5.0
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
## CVE-2026-4727 [MEDIUM] (CVSS 5.1): NixOS vulnerability analysis and mitigation
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mozilla:thunderbird
firefox
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 29, 2026
Nix Severity HIGH Has Fix Added at: Mar 29, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 29, 2026
## CVE-2026-26986 [MEDIUM] (CVSS 5.5): NixOS vulnerability analysis and mitigation
rail_window_free
xfAppWindow
HashTable_Free
xf_rail_window_common
free(appWindow)
railWindows
Source : NVD
Score 5.5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp3
freerdp2
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22 Severity HIGH No Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11 Severity HIGH No Fix Added at: Mar 02, 2026
Debian 12, 13 Severity MED
## CVE-2025-14423 [HIGH] (CVSS 7.8): NixOS vulnerability analysis and mitigation
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of LBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28311.
Source : NVD
Score 7.8
Published December 23, 2025
Severity HIGH
CNA Score 7.8
## CVE-2025-14556 [MEDIUM] (CVSS 4.8): NixOS vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
Source : NVD
Score 4.8
Published January 14, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
flag
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
## CVE-2026-0879 [CRITICAL] (CVSS 9.8): NixOS vulnerability analysis and mitigation
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Source : NVD
Score 9.8
Published January 13, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak
MozillaThunderbird-openpgp-librnp
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 11, 2026
AlmaLinux 9 Severity HIGH Has Fix Added
## CVE-2026-32694 [MEDIUM] (CVSS 5.1): NixOS vulnerability analysis and mitigation
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the same secret owner to different grantees, allowing them to use the resources granted by those past secrets. Successful exploitation relies on a very specific configuration, specific data semantic, and the administrator having the need to deploy at least two different applications, one of them controlled by the attacker.
Source : NVD
Score 6.6
Published March 18, 2026
Severity MEDIUM
CNA Score 6.6
Affected Technologies
Nix
## CVE-2025-53443 [HIGH] (CVSS 8.1): NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion. This issue affects Smash: from n/a through <= 1.7.
Source : NVD
Score 8.1
Published December 18, 2025
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
smash
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
## CVE-2026-2920 [HIGH] (CVSS 7.8): NixOS vulnerability analysis and mitigation
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the processing of stream headers within ASF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28843.
Source : NVD
Score 7.8
Published March 16, 2026
## CVE-2026-27112 [CRITICAL] (CVSS 9.4): NixOS vulnerability analysis and mitigation
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can b
## CVE-2025-66647 [LOW] (CVSS 1.7): NixOS vulnerability analysis and mitigation
gnrc_ipv6_ext_frag
Source : NVD
Score 1.7
Published December 17, 2025
Severity LOW
CNA Score 1.7
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 67.7
Exploitation Probability (EPSS) 0.5
Affected packages and libraries
riot
Sources
NVD
Nix Severity CRITICAL No Fix Added at: Jan 23, 2026
## CVE-2026-1466 [MEDIUM] (CVSS 6.1): NixOS vulnerability analysis and mitigation
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066), video and audio. However, it was possible to bypass this check by sending a manipulated HTTP request with an invalid MIME type like image. When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled by sending the HTTP header X-Content-Ty
## CVE-2025-15273 [HIGH] (CVSS 8.8): NixOS vulnerability analysis and mitigation
FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PFB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-28546.
Source : NVD
Score 8.8
Published December 31, 2025
Severity HIGH
## CVE-2026-4720 [CRITICAL] (CVSS 9.8): NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
## CVE-2026-1979 [MEDIUM] (CVSS 4.8): NixOS vulnerability analysis and mitigation
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue.
Source : NVD
Score 4.8
Published February 6, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
## CVE-2026-27596 [LOW] (CVSS 2.7): NixOS vulnerability analysis and mitigation
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8.
Source : NVD
Score 2.7
Published March 2, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.3
## CVE-2026-1440 [MEDIUM] (CVSS 5.3): NixOS vulnerability analysis and mitigation
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/pipelines/' endpoint.
Source : NVD
## 5.3
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Wiz
CVE-2026-27153 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3
CVE-2026-27153 [LOW] CVE-2026-27153 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27153 : NixOS vulnerability analysis and mitigation
can_export_entity?
Source : NVD
## 1.3
Score
Published February 26, 2026
Severity LOW
CNA Score 1.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity LOW No Fix Added at: Mar 03, 2026
Linux Severity LOW Has Fix Added at: Mar 02, 2026
Linux Severity LOW Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-64528 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2025-64528 [MEDIUM] CVE-2025-64528 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-64528 : NixOS vulnerability analysis and mitigation
enable_names
Source : NVD
## 6.3
Score
Published December 30, 2025
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Feb 24, 2026
Linux Severity MEDIUM Has Fix Added at: Dec 31, 2025
Linux Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-32811 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-32811 [HIGH] CVE-2026-32811 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32811 : NixOS vulnerability analysis and mitigation
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When using Heimdall in envoy gRPC decision API mode with versions 0.7.0-alpha through 0.17.10, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. Envoy splits the requested URL into parts, and sends the parts individually to Heimdall. Although query and path are present in the API, the query field is documented to be always empty and the URL query is included in the path field. The implementation uses go's url library to reconstruct the url which automatically encodes special characters in the path. As a consequence, a parameter like /mypath?foo=bar to Path is escaped into /mypath%3Ffoo=bar
Wiz
CVE-2026-33320 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33320 [MEDIUM] CVE-2026-33320 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33320 : NixOS vulnerability analysis and mitigation
UnmarshalYAML, yaml.Node.Alias
Source : NVD
## 6.2
Score
Published March 24, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
vale
dasel
Sources
NVD
Chainguard Has Fix Added at: Mar 20, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 20, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar 29, 2026
Nix Severity MEDIUM Has Fix Added at: Mar 29, 2026
Wolfi Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-0535 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-0535 [HIGH] CVE-2026-0535 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0535 : NixOS vulnerability analysis and mitigation
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Source : NVD
## 8.1
Score
Published January 22, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fusion
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 0
Wiz
CVE-2026-25848 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-25848 [CRITICAL] CVE-2026-25848 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25848 : NixOS vulnerability analysis and mitigation
In JetBrains Hub before 2025.3.119807, an authentication bypass allowing administrative actions was possible.
Source : NVD
## 9.8
Score
Published February 9, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
NixOS
JetBrains Hub
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:jetbrains:hub
hub
Sources
Homebrew Severity CRITICAL Has Fix Added at: Feb 20, 2026
Nix Severity CRITICAL Has Fix Added at: Feb 20, 2026
Windows Severity CRITICAL Has Fix Added at: Feb 10, 2026
Windows Severity CRITICAL Has Fix Added at: Feb 20, 2026
Wiz
CVE-2026-30891 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-30891 [MEDIUM] CVE-2026-30891 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30891 : NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch.
Source : NVD
## 5.3
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added a
Wiz
CVE-2026-32691 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32691 [MEDIUM] CVE-2026-32691 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32691 : NixOS vulnerability analysis and mitigation
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit agent can claim ownership of a known secret. This leads to the attacking unit being able to read the content of the initial secret revision.
Source : NVD
## 5.3
Score
Published March 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.6
Wiz
CVE-2026-29072 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-29072 [HIGH] CVE-2026-29072 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29072 : NixOS vulnerability analysis and mitigation
policy_enabled
Source : NVD
## 8.2
Score
Published March 19, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity HIGH No Fix Added at: Mar 24, 2026
Linux Severity HIGH Has Fix Added at: Mar 20, 2026
Linux Severity HIGH Has Fix Added at: Mar 24, 2026
Wiz
CVE-2026-0968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-0968 [CRITICAL] CVE-2026-0968 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0968 : NixOS vulnerability analysis and mitigation
SSH_FXP_NAME
Source : NVD
## 9.8
Score
Published March 26, 2026
Severity CRITICAL
CNA Score 3.1
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libssh
libssh4
Sources
NVD
Chainguard No Fix Added at: Apr 05, 2026
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Feb 12, 2026
Debian 14 Severity CRITICAL Has Fix Added at: Feb 12, 2026
Echo Severity CRITICAL No Fix Added at: Feb 12, 2026
Homebrew Severity CRITICAL No Fix Added at: Apr 06, 2026
MinimOS Severity CRITICAL Has Fix Added at: Apr 05, 2026
Wiz
CVE-2025-34468 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-34468 [HIGH] CVE-2025-34468 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34468 : NixOS vulnerability analysis and mitigation
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
Source : NVD
## 8.2
Score
Published December 31, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2025-69646 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-69646 [MEDIUM] CVE-2025-69646 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69646 : NixOS vulnerability analysis and mitigation
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
Source : NVD
## 5.5
Score
Published March 6, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Wiz
CVE-2025-66038 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.9
CVE-2025-66038 [LOW] CVE-2025-66038 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66038 : NixOS vulnerability analysis and mitigation
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memor
Wiz
CVE-2026-25884 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.7
CVE-2026-25884 [LOW] CVE-2026-25884 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25884 : NixOS vulnerability analysis and mitigation
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
Source : NVD
## 2.7
Score
Published March 2, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
exiv2-debugsource
media-gfx/exiv2
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.
Wiz
CVE-2026-23743 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-23743 [MEDIUM] CVE-2026-23743 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23743 : NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user didn't have access to view the resource. This leaked potentially sensitive information (e.g., private topic titles) via the redirect Location header and the 404 page's search box. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
Source : NVD
## 6.9
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Wiz
CVE-2026-2769 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2769 [HIGH] CVE-2026-2769 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2769 : NixOS vulnerability analysis and mitigation
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 8.8
Score
Published February 24, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
rhel10::firefox-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity HIGH Has
Wiz
CVE-2026-33416 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33416 [MEDIUM] CVE-2026-33416 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33416 : NixOS vulnerability analysis and mitigation
png_set_tRNS, png_set_PLTE, png_struct, png_info, trans_alpha, palette, png_set_tRNS, png_ptr->trans_alpha = info_ptr->trans_alpha, png_set_PLTE, info_ptr->palette = png_ptr->palette, png_free_data, PNG_FREE_TRNS, PNG_FREE_PLTE, info_ptr, png_ptr, png_set_tRNS, png_set_PLTE, png_free_data, info_ptr
Source : NVD
## 7.5
Score
Published March 26, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
OpenJDK JDK
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
java-1.8.0-openjdk-src-slowdebug
java-17-openjdk-headless
Sources
NVD
Alpine 3.20
Wiz
CVE-2026-25805 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.4
CVE-2026-25805 [MEDIUM] CVE-2026-25805 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25805 : NixOS vulnerability analysis and mitigation
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission, and after the tool has been invoked it does not show which parameters were used. Unwanted or even malicious values could therefore be used without the user having a chance to notice. Patched in Zed Editor 0.219.4, which includes expandable tool call details.
Source : NVD
## 8
Score
Published February 10, 2026
Severity HIGH
CNA Score 6.4
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.1
Exploitation Probability (EPSS) 0.1
Wiz
CVE-2026-31900 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-31900 [HIGH] CVE-2026-31900 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31900 : NixOS vulnerability analysis and mitigation
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability.
Source : NVD
## 8.7
Score
Published March 11, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit
Wiz
CVE-2025-20801 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-20801 [HIGH] CVE-2025-20801 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20801 : NixOS vulnerability analysis and mitigation
In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.
Source : NVD
## 7
Score
Published January 6, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Jan 12, 2026
Wiz
CVE-2026-23961 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-23961 [MEDIUM] CVE-2026-23961 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23961 : NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under certain circumstances, previously-unknown posts from suspended users can be processed. This issue allows old posts from suspended users to occasionally end up on timelines on all Mastodon versions. Additionally, on Mastodon versions from v4.5.0 to v4.5.4, v4.4.5 to v4.4.11, v4.3.13 to v4.3.17, and v4.2.26 to v4.2.29, remote suspended users can partially bypass the suspension to get new posts in. Mastodon versions v4.5.5, v4.4.12, v4.3
Wiz
CVE-2025-14921 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-14921 [HIGH] CVE-2025-14921 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14921 : NixOS vulnerability analysis and mitigation
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25424.
Source : NVD
## 7.8
Score
Published December 2
Wiz
CVE-2025-68663 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2025-68663 [MEDIUM] CVE-2025-68663 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68663 : NixOS vulnerability analysis and mitigation
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after their account has been suspended. This vulnerability is fixed in 1.1.0.
Source : NVD
## 6.9
Score
Published February 11, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
outline
Wiz
CVE-2026-3847 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3847 [MEDIUM] CVE-2026-3847 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3847 : NixOS vulnerability analysis and mitigation
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.
Source : NVD
## 8.8
Score
Published March 10, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Sev
Wiz
CVE-2026-27590 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.9
CVE-2026-27590 [HIGH] CVE-2026-27590 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27590 : NixOS vulnerability analysis and mitigation
strings.ToLower(), SCRIPT_NAME, SCRIPT_FILENAME, PATH_INFO, .php
Source : NVD
## 8.9
Score
Published February 24, 2026
Severity HIGH
CNA Score 8.9
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 52
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
caddy
github.com/caddyserver/caddy/v2
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Feb 24, 2026
Debian 12, 13 Severity CRITICAL No Fix Added at: Feb 24, 2026
Echo Severity CRITI
Wiz
CVE-2026-32309 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32309 [MEDIUM] CVE-2026-32309 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32309 : NixOS vulnerability analysis and mitigation
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over plaintext HTTP or other insecure endpoint combinations. An active network attacker can tamper with or observe this traffic. Even when the vault key is encrypted for the device, bearer tokens and endpoint-level trust decisions are still exposed to downgrade and interception. This issue has been patched in version 1.19.1.
Source : NVD
## 8.7
Score
Published March 20, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Wiz
CVE-2026-25766 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-25766 [MEDIUM] CVE-2026-25766 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25766 : NixOS vulnerability analysis and mitigation
middleware.Static, middleware/static.go, path.Clean, path.Clean, \, ..\, currentFS.Open(...), defaultFS, os.Open, echo.go:792, os.Open, \, ..\
Source : NVD
## 5.3
Score
Published February 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/labstack/echo/v5
github.com/labstack/echo
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Feb 18, 2026
Nix Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
CVE-2025-14021 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2025-14021 [MEDIUM] CVE-2025-14021 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14021 : NixOS vulnerability analysis and mitigation
The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.
Source : NVD
## 4.3
Score
Published December 15, 2025
Severity MEDIUM
CNA Score 4.3
Affected Technologies
NixOS
Line
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
line
cpe:2.3:a:linecorp:line
Sources
Nix Severity MEDIUM Has Fix Added at: Dec 21, 2025
Windows Severity MEDIUM
Wiz
CVE-2026-22859 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.6
CVE-2026-22859 [MEDIUM] CVE-2026-22859 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22859 : NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read. This vulnerability is fixed in 3.20.1.
Source : NVD
## 5.6
Score
Published January 14, 2026
Severity MEDIUM
CNA Score 5.6
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
uwac0-devel
libwinpr
Sources
NVD
AlmaLinux 8 Severity HI
Wiz
CVE-2026-24845 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-24845 [MEDIUM] CVE-2026-24845 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24845 : NixOS vulnerability analysis and mitigation
WWW-Authenticate
Source : NVD
## 6.5
Score
Published January 29, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
github.com/chainguard-dev/malcontent
malcontent
Sources
NVD
GoLang Severity MEDIUM Has Fix Added at: Jan 30, 2026
Homebrew Severity MEDIUM Has Fix Added at: Feb 24, 2026
Nix Severity MEDIUM Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-3081 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-3081 [HIGH] CVE-2026-3081 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3081 : NixOS vulnerability analysis and mitigation
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of decoding units. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28839.
Source : NVD
## 7.8
Score
Published March 16, 2026
Severity HIGH
Wiz
CVE-2026-31972 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-31972 [MEDIUM] CVE-2026-31972 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31972 : NixOS vulnerability analysis and mitigation
mpileup
Source : NVD
## 6.9
Score
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
samtools
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Mar 19, 2026
Echo Severity CRITICAL No Fix Added at: Mar 19, 2026
Homebrew Severity CRITICAL Has Fix Added at: Mar 20, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-30892 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-30892 [MEDIUM] CVE-2026-30892 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30892 : NixOS vulnerability analysis and mitigation
crun exec, -u, --user, 1
Source : NVD
## 7.8
Score
Published March 26, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
NixOS
Alma Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
crun-krun
crun-wasm
Sources
NVD
AlmaLinux 9 Severity MEDIUM Has Fix Added at: Apr 06, 2026
Alpine 3.23 Severity HIGH Has Fix Added at: Mar 29, 2026
Alpine edge Severity HIGH Has Fix Added at: Mar 26, 2026
Debian 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH Has Fix Added at
Wiz
CVE-2026-3084 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-3084 [HIGH] CVE-2026-3084 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3084 : NixOS vulnerability analysis and mitigation
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of picture partitions. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28910.
Source : NVD
## 7.8
Score
Published March 16, 2026
Severity HIGH
CNA Sco
Wiz
CVE-2026-3257 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-3257 [MEDIUM] CVE-2026-3257 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3257 :
NixOS vulnerability analysis and mitigation
UnQLite versions through 0.06 for Perl use a potentially insecure version of the UnQLite library.
UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.
Source : NVD
## 9.8
Score
Published March 5, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
unqlite
Sources
NVD
Nix Severity CRITICAL Has Fix Added at: Mar 09, 2026
Wiz
CVE-2025-33243 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-33243 [HIGH] CVE-2025-33243 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33243 :
NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Source : NVD
## 7.8
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 43.9
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-33425 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33425 [MEDIUM] CVE-2026-33425 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33425 :
NixOS vulnerability analysis and mitigation
exclude_groups
Source : NVD
## 6.9
Score
Published March 21, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 21, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
## Related NixOS vulnerabilities:
Wiz
CVE-2026-21959 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9
CVE-2026-21959 [MEDIUM] CVE-2026-21959 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21959 :
NixOS vulnerability analysis and mitigation
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
Source : NVD
## 4.9
Score
Published January 20, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release
Wiz
CVE-2025-66865 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-66865 [HIGH] CVE-2025-66865 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66865 :
NixOS vulnerability analysis and mitigation
An issue was discovered in the function d_print_comp_inner in the file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via a crafted PE file.
Source : NVD
## 7.5
Score
Published December 29, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
binutils
gcc-toolset-14-binutils-gold
Sources
NVD
Chainguard No Fix Added at: Jan 15, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 30, 2025
Echo Severity HIGH Has Fix Added at: Dec 30, 2025
Homebrew Sever
Wiz
CVE-2026-2967 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.3
CVE-2026-2967 [MEDIUM] CVE-2026-2967 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2967 :
NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
## 6.3
Score
Published February 23, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Relea
Wiz
CVE-2026-23883 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-23883 [HIGH] CVE-2026-23883 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23883 :
NixOS vulnerability analysis and mitigation
xf_Pointer_New
cursorPixels
pointer_free
xf_Pointer_Free
Source : NVD
## 7.7
Score
Published January 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 39.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
freerdp3
libfreerdp2-2
Sources
NVD
AlmaLinux 8 Severity HIGH Has Fix Added at: Feb 08, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Feb 11, 2026
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23 Severity CRITICAL Has Fix Added at: Jan 29, 2026
Alpine edge Severity CRITICA
Wiz
CVE-2026-20983 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-20983 [HIGH] CVE-2026-20983 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20983 :
NixOS vulnerability analysis and mitigation
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
Source : NVD
## 8.4
Score
Published February 4, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 08, 2026
Wiz
CVE-2026-31831 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2026-31831 [HIGH] CVE-2026-31831 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31831 :
NixOS vulnerability analysis and mitigation
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.
Source : NVD
## 8.7
Score
Published March 30, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
tautulli
Sources
NVD
Nix Severity HIGH Has Fix Added at: Apr 05, 202
Wiz
CVE-2025-14329 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-14329 [HIGH] CVE-2025-14329 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14329 :
NixOS vulnerability analysis and mitigation
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Source : NVD
## 8.8
Score
Published December 9, 2025
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
MozillaFirefox-translations-common
cpe:2.3:a:mozilla:firefox_esr
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Dec 12, 2025
AlmaLinux 9 Severity HIGH Has Fix Added at: Dec 12, 2025
Debian 11, 12, 13, 14 Severity
Wiz
CVE-2026-27969 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-27969 [CRITICAL] CVE-2026-27969 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27969 :
NixOS vulnerability analysis and mitigation
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No kno
Wiz
CVE-2025-68479 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-68479 [HIGH] CVE-2025-68479 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68479 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
Source : NVD
## 5.3
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 7.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM H
Wiz
CVE-2026-26065 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-26065 [CRITICAL] CVE-2026-26065 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26065 :
NixOS vulnerability analysis and mitigation
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
Source : NVD
## 9.3
Score
Published February 20, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CIS
Wiz
CVE-2026-1679 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.3
CVE-2026-1679 [HIGH] CVE-2026-1679 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1679 :
NixOS vulnerability analysis and mitigation
eswifi->buf
Source : NVD
## 7.8
Score
Published March 28, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
zephyr
Sources
NVD
Nix Severity HIGH No Fix Added at: Apr 05, 2026
## Related NixOS vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Has fix
Published date
CVE-2026-4370
CRITICAL
10
NixOS
juj
Wiz
CVE-2026-23962 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-23962 [HIGH] CVE-2026-23962 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23962 :
NixOS vulnerability analysis and mitigation
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large number of options, greatly increasing resource consumption. Depending on the number of poll options, an attacker can cause disproportionate resource usage in both Mastodon servers and clients, potentially causing Denial of Service either server-side or client-side. Mastodon versions v4.5.5, v4.4.12, v4.3.18 are patched.
Source : NVD
## 7.5
Score
Published January 22, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mastodon
Has Public Exploit No
Wiz
CVE-2025-40898 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
CVE-2025-40898 [HIGH] CVE-2025-40898 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40898 :
NixOS vulnerability analysis and mitigation
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.
Source : NVD
## 7.2
Score
Published December 18, 2025
Severity HIGH
CNA Score 7.2
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
guardian
Sources
NVD
Nix
Wiz
CVE-2026-27454 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-27454 [MEDIUM] CVE-2026-27454 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27454 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, requesting /posts/:id.json?version=X bypassed authorization checks on post revisions. The display_post method called post.revert_to directly without verifying whether the revision was hidden or if the user had permission to view edit history. This meant hidden revisions (intentionally concealed by staff) could be read by any user by simply enumerating version numbers. Starting in versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, Discourse looks up the PostRevision and calls guardian.ensure_can_see! before reverting, consistent with how the /posts/:id/revisions/:revision endpoint already authorizes access. No known w
Wiz
CVE-2026-24491 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-24491 [HIGH] CVE-2026-24491 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24491 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0.
Source : NVD
## 7.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libfreerdp-server-proxy3-3
librdtk0-0
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Alpine 3.1
Wiz
CVE-2025-40892 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-40892 [HIGH] CVE-2025-40892 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40892 :
NixOS vulnerability analysis and mitigation
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modifying application data, disrupting application availability, and accessing limited sensitive information.
Source : NVD
## 7.1
Score
Published December 18, 2025
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit No
Wiz
CVE-2026-0533 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2026-0533 [HIGH] CVE-2026-0533 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0533 :
NixOS vulnerability analysis and mitigation
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Source : NVD
## 8.1
Score
Published January 22, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fusion
Sources
NVD
Nix Sev
Wiz
CVE-2026-24675 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-24675 [HIGH] CVE-2026-24675 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24675 :
NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.
Source : NVD
## 7.7
Score
Published February 9, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libwinpr-devel
freerdp2-proxy
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at: Apr 02, 2026
Wiz
CVE-2026-1174 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-1174 [MEDIUM] CVE-2026-1174 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1174 :
NixOS vulnerability analysis and mitigation
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
## 5.5
Score
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.6
Exploitation Probability (EPSS) 0.2
Affected pa
Wiz
CVE-2025-20807 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
CVE-2025-20807 [MEDIUM] CVE-2025-20807 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-20807 :
NixOS vulnerability analysis and mitigation
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.
Source : NVD
## 6.7
Score
Published January 6, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Jan 12, 2026
Wiz
CVE-2025-70305 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2025-70305 [MEDIUM] CVE-2025-70305 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-70305 :
NixOS vulnerability analysis and mitigation
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
Source : NVD
## 5.5
Score
Published January 15, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Jan 26, 2026
Nix Severity MEDIUM No Fix Added at: Jan 26, 2026
Wiz
CVE-2026-33410 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33410 [MEDIUM] CVE-2026-33410 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33410 :
NixOS vulnerability analysis and mitigation
target_groups
can_chat?
chat_enabled
last_message
Source : NVD
## 5.4
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 26, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 20, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 26, 2026
Wiz
CVE-2026-2758 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2758 [CRITICAL] CVE-2026-2758 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2758 :
NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox_esr
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12,
Wiz
CVE-2026-25955 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
CVE-2026-25955 [MEDIUM] CVE-2026-25955 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25955 :
NixOS vulnerability analysis and mitigation
xf_AppUpdateWindowFromSurface
XImage
data
gdi_DeleteSurface
surface->data
appWindow->image
Source : NVD
## 5.5
Score
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp-debuginfo
freerdp-debugsource
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity CRITICAL Has Fix Added at: Mar 02, 2026
Chainguard Has Fix Added at: Mar 02, 2026
Debian 11, 13 Severity CRITICAL No Fix Added at
Wiz
CVE-2026-2791 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2791 [CRITICAL] CVE-2026-2791 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2791 :
NixOS vulnerability analysis and mitigation
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::firefox-flatpak.src
MozillaThunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Ha
Wiz
CVE-2026-1418 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-1418 [MEDIUM] CVE-2026-1418 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1418 :
NixOS vulnerability analysis and mitigation
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to an out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
Source : NVD
## 4.8
Score
Published January 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percenti
Wiz
CVE-2026-1224 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.9
CVE-2026-1224 [MEDIUM] CVE-2026-1224 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1224 :
NixOS vulnerability analysis and mitigation
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
Source : NVD
## 6.5
Score
Published January 26, 2026
Severity MEDIUM
CNA Score 4.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discover
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Mar 10, 2026
## Related NixOS vulnerabilities:
CVE ID
Severity
Score
Technologies
Component name
CISA KEV
Wiz
CVE-2026-28219 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 1.3
CVE-2026-28219 [LOW] CVE-2026-28219 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28219 :
NixOS vulnerability analysis and mitigation
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST request, a regular user can elevate a topic’s status to a site-wide notice or banner, bypassing intended administrative restrictions. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. There are no practical workarounds to prevent this behavior other than applying the security patch. Administrators concerned about unauthorized promotions should audit recent changes to site banners and global notices until the fix is deployed.
S
Wiz
CVE-2025-67083 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-67083 [MEDIUM] CVE-2025-67083 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67083 :
NixOS vulnerability analysis and mitigation
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.
Source : NVD
## 5.3
Score
Published January 15, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
invoiceplane
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Jan 23, 2026
Wiz
CVE-2026-27571 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
CVE-2026-27571 [MEDIUM] CVE-2026-27571 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27571 :
NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit.
Wiz
CVE-2025-69648 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
## CVE-2025-69648 [MEDIUM]: NixOS vulnerability analysis and mitigation
GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
Source : NVD
Score 6.2
Published March 9, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3
Exploitation Probability (EPSS) N/A
Wiz
CVE-2025-14860 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2025-14860 [CRITICAL]: NixOS vulnerability analysis and mitigation
Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.
Source : NVD
Score 9.8
Published December 18, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
firefox
cpe:2.3:a:mozilla:firefox
Sources
Alpine 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, edge Severity CRITICAL No Fix Added at: Dec 31, 2025
Alpine 3.22, 3.23 Severity CRITICAL No Fix Added at: Jan 28, 2026
Homebrew Severity CRITICAL Has Fix Added
Wiz
CVE-2026-24676 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
## CVE-2026-24676 [HIGH]: NixOS vulnerability analysis and mitigation
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.
Source : NVD
Score 7.7
Published February 9, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freerdp-libs
freerdp-server-debuginfo
Sources
NVD
AlmaLinux 9 Severity HIGH Has Fix Added at:
Wiz
CVE-2025-66866 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2025-66866 [HIGH]: NixOS vulnerability analysis and mitigation
An issue discovered in the function d_abi_tags in the file cp-demangle.c in GNU Binutils 2.26 allows attackers to cause a denial of service via a crafted PE file.
Source : NVD
Score 7.5
Published December 29, 2025
Severity HIGH
CNA Score 5.5
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mingw-binutils-generic
gcc-toolset-14-binutils-devel
Sources
NVD
Chainguard No Fix Added at: Jan 15, 2026
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 30, 2025
Echo Severity HIGH Has Fix Added at: Dec 30, 2025
Homebrew
Wiz
CVE-2026-4694 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-4694 [HIGH]: NixOS vulnerability analysis and mitigation
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak
cpe:2.3:a:mozilla:firefox
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Wiz
CVE-2026-24882 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
## CVE-2026-24882 [HIGH]: NixOS vulnerability analysis and mitigation
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
Source : NVD
Score 7.8
Published January 27, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
GNU Privacy Guard
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dirmngr
gpg2-lang
Sources
CBL-Mariner 2.0 Severity HIGH Has Fix Added at: Mar 02, 2026
CBL-Mariner 3.0 Severity HIGH Has Fix Added at: Feb 12, 2026
Chainguard Has Fix Added at: Jan 28, 2026
Debian 11, 14 Severity HIGH No Fi
Wiz
CVE-2026-4688 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-4688 [HIGH]: NixOS vulnerability analysis and mitigation
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 10
Published March 24, 2026
Severity CRITICAL
CNA Score 9.6
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaFirefox-translations-common
MozillaThunderbird-translations-other
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 20
Wiz
CVE-2026-2766 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
## CVE-2026-2766 [CRITICAL]: NixOS vulnerability analysis and mitigation
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
Score 9.8
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-x11
rhel10::thunderbird-flatpak.src
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL Has
Wiz
CVE-2026-33147 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33147 [MEDIUM]: NixOS vulnerability analysis and mitigation
GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmt_remote_dataset_id function within src/gmt_remote.c. This issue occurs when a specially crafted long string is passed as a dataset identifier (e.g., via the which module), leading to a crash or potential arbitrary code execution. This issue has been patched via commit 0ad2b49.
Source : NVD
Score 7.8
Published March 20, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Proba
Wiz
CVE-2026-4722 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-4722 [MEDIUM]: NixOS vulnerability analysis and mitigation
Privilege escalation in the IPC component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
Source : NVD
Score 8.8
Published March 24, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
thunderbird
firefox
Sources
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 26, 2026
Nix Severity HIGH Has Fix Added at: Mar 26, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 29, 2026
Linux Severity HIGH Has Fix Added at:
Wiz
CVE-2025-15330 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
## CVE-2025-15330 [HIGH]: NixOS vulnerability analysis and mitigation
Tanium addressed an improper input validation vulnerability in Deploy.
Source : NVD
Score 8.8
Published February 5, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
deploy
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 11, 2026
Wiz
CVE-2026-26104 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-26104 [MEDIUM]: NixOS vulnerability analysis and mitigation
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
Source : NVD
Score 5.5
Published February 25, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Wiz
CVE-2025-48567 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-48567 [HIGH]: NixOS vulnerability analysis and mitigation
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source : NVD
Score 7.8
Published March 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-68933 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
## CVE-2025-68933 [MEDIUM]: NixOS vulnerability analysis and mitigation
moderators_change_post_ownership
Source : NVD
Score 5.4
Published January 28, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity MEDIUM Has Fix Added at: Feb 02, 2026
Linux Severity MEDIUM Has Fix Added at: Jan 29, 2026
Linux Severity MEDIUM Has Fix Added at: Feb 02, 2026
Wiz
CVE-2026-33408 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33408 [MEDIUM]: NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
Score 2.7
Published March 19, 2026
Severity LOW
CNA Score 2.2
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
discourse
cpe:2.3:a:discourse:discourse
Sources
Nix Severity LOW No Fix Adde
Wiz
CVE-2025-70299 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2025-70299 [MEDIUM]: NixOS vulnerability analysis and mitigation
A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
Source : NVD
Score 6.5
Published January 15, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gpac
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jan 18, 2026
Homebrew Severity MEDIUM No Fix Added at: Feb 02, 2026
Nix Severity MEDIUM No Fix Added at: Feb 02, 2026
Wiz
CVE-2026-4691 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-4691 [HIGH]: NixOS vulnerability analysis and mitigation
Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
Score 9.8
Published March 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
MozillaThunderbird-translations-common
rhel10::thunderbird-flatpak
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2
Wiz
CVE-2026-0011 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
## CVE-2026-0011 [HIGH]: NixOS vulnerability analysis and mitigation
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
Score 8.4
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-24476 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-24476 [MEDIUM]: NixOS vulnerability analysis and mitigation
Source : NVD
Score 5.3
Published January 26, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
shaarli
Sources
NVD
Debian 12, 13, 14 Severity MEDIUM Has Fix Added at: Jan 27, 2026
Echo Severity MEDIUM Has Fix Added at: Jan 27, 2026
Nix Severity MEDIUM Has Fix Added at: Feb 19, 2026
Wiz
CVE-2026-24901 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.1
## CVE-2026-24901 [HIGH]: NixOS vulnerability analysis and mitigation
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
Source : NVD
Score 8.8
Published March 17, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2018-25220 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
## CVE-2018-25220 [CRITICAL]: NixOS vulnerability analysis and mitigation
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
Source : NVD
Score 9.3
Published March 28, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
boch
Wiz
CVE-2026-21972 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-21972 [MEDIUM]: NixOS vulnerability analysis and mitigation
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Source : NVD
Score 5.3
Published January 20, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Oracle Configurator
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV
Wiz
CVE-2026-26077 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2026-26077 [MEDIUM]: NixOS vulnerability analysis and mitigation
WebhooksController
sendgrid_verification_key
mailjet_webhook_token
postmark_webhook_token
sparkpost_webhook_token
Source : NVD
Score 6.5
Published February 26, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 26.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discourse
Sources
Nix Severity MEDIUM No Fix Added at: Mar 03, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 02, 2026
Linux Severity MEDIUM Has Fix Added at: Mar 03, 2026
Wiz
CVE-2025-67231 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.9
## CVE-2025-67231 [MEDIUM]: NixOS vulnerability analysis and mitigation
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
Source : NVD
Score 5.9
Published January 23, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
builder
Sources
NVD
Nix Severity MEDIUM Has Fix Added at: Jan 30, 2026
Wiz
CVE-2025-60050 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
## CVE-2025-60050 [HIGH]: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion. This issue affects Panda: from n/a through <= 1.21.
Source : NVD
Score 8.2
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
panda
Sources
NVD
Homebrew Severity HIGH No Fix Added at: Jan 18, 2026
Nix Severity HIGH No Fix Added at: Jan 18, 2026
Wiz
CVE-2026-0861 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
## CVE-2026-0861 [HIGH]: NixOS vulnerability analysis and mitigation
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.
Note that the attacker must have control over both the size and the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62 + 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.
Typically the alignment argument passed to such functions is a known cons
Wiz
CVE-2026-1170 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-1170 [MEDIUM]: NixOS vulnerability analysis and mitigation
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 5.5
Published January 19, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and librarie
Wiz
CVE-2025-61143 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2025-61143 [MEDIUM]: NixOS vulnerability analysis and mitigation
libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
Source : NVD
Score 5.5
Published February 23, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
NixOS
Alma Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mingw64-libtiff
compat-libtiff3-debuginfo
Sources
NVD
CBL-Mariner 2.0, 3.0 Severity MEDIUM Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13 Severity LOW No Fix Added at: Feb 24, 2026
Debian 14 Severity LOW Has Fix Added at: Feb 24, 2026
Echo Severity MEDIUM Has Fi
Wiz
CVE-2026-20414 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
## CVE-2026-20414 [MEDIUM]: NixOS vulnerability analysis and mitigation
In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.
Source : NVD
Score 6.7
Published February 2, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Feb 04, 2026
Wiz
CVE-2026-29054 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-29054 [HIGH]: NixOS vulnerability analysis and mitigation
Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put in place to prevent the removal of Traefik-managed X-Forwarded headers (such as X-Real-Ip, X-Forwarded-Host, X-Forwarded-Port, etc.) via the Connection header does not handle case sensitivity correctly. The Connection tokens are compared case-sensitively against the protected header names, but the actual header deletion operates case-insensitively. As a result, a remote unauthenticated client can use lowercase Connection tokens (e.g. Connection: x-re
Wiz
CVE-2026-2241 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
## CVE-2026-2241 [MEDIUM]: NixOS vulnerability analysis and mitigation
A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.
Source : NVD
Score 4.8
Published February 9, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected package
Wiz
CVE-2026-33216 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2026-33216 [MEDIUM]: NixOS vulnerability analysis and mitigation
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed via monitoring endpoints. Versions 2.11.14 and 2.12.6 contain a fix. As a workaround, ensure monitoring end-points are adequately secured. Best practice remains to not expose the monitoring endpoint to the Internet or other untrusted network users.
Source : NVD
Score 7.5
Published March 25, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
Wiz
CVE-2026-27197 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
## CVE-2026-27197 [CRITICAL]: NixOS vulnerability analysis and mitigation
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Self-hosted users are only at risk if either of the following conditions is met: more than one organization is configured (SENTRY_SINGLE_ORGANIZATION = True), or a malicious user has existing access and permissions to modify SSO settings for another organization in a multi-organization instance. This issue has been fixed in version 26.2.0. To workaround this issue, implement user account-based two-factor authentication to
Wiz
CVE-2026-27171 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.9
## CVE-2026-27171 [LOW]: NixOS vulnerability analysis and mitigation
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Source : NVD
Score 5.5
Published February 18, 2026
Severity MEDIUM
CNA Score 2.9
Affected Technologies
NixOS
rsync
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nodejs:24::nodejs-packaging-bundler
nodejs:24::npm
Sources
NVD
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity MEDIUM Has Fix Added at: Feb 21, 2026
CBL-Ma
Wiz
CVE-2026-20411 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2026-20411 [HIGH] CVE-2026-20411 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20411 :
NixOS vulnerability analysis and mitigation
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
Source : NVD
## 7.8
Score
Published February 2, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Feb 08, 2026
Wiz
CVE-2025-33251 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-33251 [HIGH] CVE-2025-33251 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-33251 :
NixOS vulnerability analysis and mitigation
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Source : NVD
## 7.8
Score
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nemo
Sources
NVD
Nix Severity HIGH Has Fix Added at: Feb 24, 2026
Wiz
CVE-2026-33426 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33426 [MEDIUM] CVE-2026-33426 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33426 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with tag-editing permissions could edit and create synonyms for tags hidden in restricted tag groups, even if they lacked visibility into those tags. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 3.8
Score
Published March 21, 2026
Severity LOW
CNA Score 3.5
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:
Wiz
CVE-2026-34235 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-34235 [MEDIUM] CVE-2026-34235 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34235 :
NixOS vulnerability analysis and mitigation
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking on the payload descriptor length may cause reads beyond the allocated RTP payload buffer. This issue has been patched in version 2.17. A workaround for this issue involves disabling VP9 codec if not needed.
Source : NVD
## 6.9
Score
Published March 31, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Perc
Wiz
CVE-2026-2782 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2782 [CRITICAL] CVE-2026-2782 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2782 :
NixOS vulnerability analysis and mitigation
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox_esr
MozillaFirefox-devel
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITICAL H
Wiz
CVE-2026-30798 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2026-30798 [HIGH] CVE-2026-30798 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-30798 :
NixOS vulnerability analysis and mitigation
Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop.
This issue affects RustDesk Client: through 1.4.5.
Source : NVD
## 8.2
Score
Published March 5, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Wiz
CVE-2026-25941 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-25941 [MEDIUM] CVE-2026-25941 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25941 :
NixOS vulnerability analysis and mitigation
bitmapDataLength
Source : NVD
## 8.1
Score
Published February 25, 2026
Severity HIGH
CNA Score 4.3
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 27.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
freerdp2
freerdp-devel
Sources
NVD
Alpine 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity HIGH Has Fix Added at: Mar 02, 2026
Chainguard No Fix Added at: Mar 02, 2026
Debian 11, 13 Severity HIGH No Fix Added at: Mar 02, 2026
Debian 12 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity HIGH Has Fix Added
Wiz
CVE-2026-4695 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4695 [HIGH] CVE-2026-4695 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4695 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-esr
firefox-x11
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 11,
Wiz
CVE-2026-1435 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-1435 [CRITICAL] CVE-2026-1435 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1435 :
NixOS vulnerability analysis and mitigation
Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers, which remain valid even after multiple consecutive logins by the same user. As a result, a stolen or leaked 'sessionId' can continue to be used to authenticate valid requests. Exploiting this vulnerability would allow an attacker with access to the web service/API network (port 9000 or HTTP/S endpoint of the server) to reuse an old session token to gain unauthorized access to the application, interact with the API/web, and compromise
Wiz
CVE-2026-21619 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.0
CVE-2026-21619 [LOW] CVE-2026-21619 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-21619 :
NixOS vulnerability analysis and mitigation
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_hex_api.erl and program routines hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4.
This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0.
Source : NVD
## 2
Score
Published February 27, 2026
Severity LOW
CNA Score 2.0
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV
Wiz
CVE-2025-13151 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-13151 [HIGH] CVE-2025-13151 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-13151 :
NixOS vulnerability analysis and mitigation
Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.
Source : NVD
## 7.5
Score
Published January 7, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
GnuTLS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libtasn1-debugsource
mingw-libtasn1
Sources
NVD
Alpine 3.18, 3.19 Severity HIGH Has Fix Added at: Feb 04, 2026
Alpine 3.20, 3.21, 3.22, 3.23 Severity HIGH Has Fix Added at: Jan 13, 2026
Alpine edge Severity HIGH
Wiz
CVE-2026-33291 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33291 [MEDIUM] CVE-2026-33291 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33291 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 5.1
Score
Published March 20, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
NixOS
Discourse
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:discourse:discourse
discour
Wiz
CVE-2026-26018 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-26018 [HIGH] CVE-2026-26018 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26018 :
NixOS vulnerability analysis and mitigation
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Source : NVD
## 7.5
Score
Published March 6, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
CBL Mariner
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probabili
Wiz
CVE-2025-61917 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2025-61917 [HIGH] CVE-2025-61917 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61917 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.
Source : NVD
## 7.7
Score
Published February 4, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
NixOS
n8n
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Per
Wiz
CVE-2026-20424 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.4
CVE-2026-20424 [MEDIUM] CVE-2026-20424 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20424 :
NixOS vulnerability analysis and mitigation
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540.
Source : NVD
## 4.4
Score
Published March 2, 2026
Severity MEDIUM
CNA Score 4.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity MEDIUM No Fix Added at: Mar 04, 2026
Wiz
CVE-2026-2799 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2799 [CRITICAL] CVE-2026-2799 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2799 :
NixOS vulnerability analysis and mitigation
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 8.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
thunderbird
Sources
Homebrew Severity CRITICAL Has Fix Added at: Mar 03, 2026
Nix Severity CRITICAL Has Fix Added at: Mar 03, 2026
Ubuntu 22.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Linux Severity CRITICAL Has Fix Added at: Feb 24, 2026
Wi
Wiz
CVE-2026-33738 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33738 [MEDIUM] CVE-2026-33738 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33738 :
NixOS vulnerability analysis and mitigation
description
{!! $item->summary !!}
/feed
Source : NVD
## 4.8
Score
Published March 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
lychee
Sources
NVD
Chainguard Has Fix Added at: Mar 29, 2026
Homebrew Severity MEDIUM Has Fix Added at: Apr 02, 2026
Nix Severity MEDIUM Has Fix Added at: Apr 02, 2026
Wolfi Has Fix Added at: Mar 29, 2026
Wiz
CVE-2026-1441 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1441 [MEDIUM] CVE-2026-1441 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1441 :
NixOS vulnerability analysis and mitigation
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker to inject and execute arbitrary JavaScript code when a user visits a specially crafted URL. Exploitation of this vulnerability may allow script execution in the victim's browser and limited manipulation of the affected user's session context, through the '/system/index_sets/' endpoint.
Source : NVD
## 5.3
Score
Published February 18, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Has
Wiz
CVE-2026-4712 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-4712 [HIGH] CVE-2026-4712 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4712 :
NixOS vulnerability analysis and mitigation
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Source : NVD
## 7.5
Score
Published March 24, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rhel10::thunderbird-flatpak.src
thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 31, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 31, 2026
Chainguard Has Fix Added at: Mar 29, 2026
Debian 1
Wiz
CVE-2026-0008 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.4
CVE-2026-0008 [HIGH] CVE-2026-0008 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0008 :
NixOS vulnerability analysis and mitigation
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source : NVD
## 8.4
Score
Published March 2, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
NixOS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
android
Sources
NVD
Nix Severity HIGH No Fix Added at: Mar 04, 2026
Wiz
CVE-2025-69652 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2025-69652 [MEDIUM] CVE-2025-69652 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-69652 :
NixOS vulnerability analysis and mitigation
GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Source : NVD
## 6.2
Score
Published March 6, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
NixOS
Wolfi
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA K
Wiz
CVE-2026-27491 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-27491 [MEDIUM] CVE-2026-27491 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27491 :
NixOS vulnerability analysis and mitigation
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warnings to other users. Warnings are a staff-only moderation feature. The vulnerability required the attacker to be a logged-in user and to send a specifically crafted request. No data exposure or privilege escalation beyond the ability to create unauthorized user warnings was possible. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
Source : NVD
## 6.9
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Discourse
Has Public Exp
Wiz
CVE-2025-68942 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2025-68942 [MEDIUM] CVE-2025-68942 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68942 :
NixOS vulnerability analysis and mitigation
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
Source : NVD
## 5.4
Score
Published December 26, 2025
Severity MEDIUM
CNA Score 5.4
Affected Technologies
NixOS
Gitea
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gitea
code.gitea.io/gitea
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20 Severity MEDIUM No Fix Added at: Jan 03, 2026
Chainguard Has Fix Added at: Dec 28, 2025
GoLang Severity MEDIUM Has Fix Added at: Dec 28, 2025
Homebrew Sev
Wiz
CVE-2025-58941 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.2
CVE-2025-58941 [HIGH] CVE-2025-58941 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-58941 :
NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion. This issue affects Fabric: from n/a through <= 1.5.0.
Source : NVD
## 8.2
Score
Published December 18, 2025
Severity HIGH
CNA Score 8.2
Affected Technologies
NixOS
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
fabric
Sources
NVD
Homebrew Severity HIGH No Fix Added at: Dec 26, 2025
Nix Severity HIGH No Fix Added at: Dec 26, 2025
Wiz
CVE-2026-33246 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-33246 [MEDIUM] CVE-2026-33246 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33246 :
NixOS vulnerability analysis and mitigation
Nats-Request-Info:
Source : NVD
## 5.4
Score
Published March 25, 2026
Severity MEDIUM
CNA Score 6.4
Affected Technologies
NixOS
Wolfi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rke2-runtime-1.35
rke2-runtime-fips-1.34
Sources
NVD
Chainguard Has Fix Added at: Mar 26, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
GoLang Severity MEDIUM Has Fix Added at: Mar 25, 2026
Homebrew Severity MEDIUM Has Fix Added at: Mar
Wiz
CVE-2026-0818 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-0818 [MEDIUM] CVE-2026-0818 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0818 :
NixOS vulnerability analysis and mitigation
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.
Source : NVD
## 4.3
Score
Published January 28, 2026
Severity MEDIUM
CNA Score 4.3
A
Wiz
CVE-2026-2773 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-2773 [CRITICAL] CVE-2026-2773 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2773 :
NixOS vulnerability analysis and mitigation
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 9.8
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox
firefox-debuginfo
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12, 13, 14 Severity CRITIC
Wiz
CVE-2026-31973 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
CVE-2026-31973 [MEDIUM] CVE-2026-31973 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31973 :
NixOS vulnerability analysis and mitigation
cram_decode_compression_header()
Source : NVD
## 6.9
Score
Published March 18, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
NixOS
Homebrew
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
samtools
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Mar 19, 2026
Echo Severity HIGH No Fix Added at: Mar 19, 2026
Homebrew Severity HIGH Has Fix Added at: Mar 20, 2026
Nix Severity HIGH Has Fix Added at: Mar 20, 2026
Wiz
CVE-2026-2761 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2026-2761 [CRITICAL] CVE-2026-2761 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2761 :
NixOS vulnerability analysis and mitigation
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Source : NVD
## 10
Score
Published February 24, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
NixOS
Mozilla Firefox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 34
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:mozilla:firefox
cpe:2.3:a:mozilla:thunderbird
Sources
AlmaLinux 8 Severity HIGH Has Fix Added at: Mar 03, 2026
AlmaLinux 9 Severity HIGH Has Fix Added at: Mar 02, 2026
Debian 11, 12
Wiz
CVE-2025-40893 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-40893 [MEDIUM] CVE-2025-40893 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40893 :
NixOS vulnerability analysis and mitigation
A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the Asset List (and similar functions), the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Source : NVD
## 5.3
Score
Published December 18, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
NixOS
Has Public Exploit No
Has CISA K
Wiz
CVE-2025-68949 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-68949 [MEDIUM] CVE-2025-68949 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68949 :
NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where workflow editors relied on IP-based access controls to restrict webhook access. Both IPv4 and IPv6 addresses were impacted. An attacker with a non-whitelisted IP could bypass restrictions if their IP shared a partial prefix with a trusted address, undermining the intended security boundary. This vulnerability is fixed in 2.2.0.
Source : NVD
## 5.3
Score
Publis
Wiz
CVE-2026-27464 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2026-27464 [HIGH] CVE-2026-27464 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27464 :
NixOS vulnerability analysis and mitigation
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileged user can extract sensitive information including database credentials, into the email body via template evaluation. This issue has been fixed in versions 0.57.13 and 0.58.7. To workaround this issue, users can disable notifications in their Metabase instance to disallow access to the vulnerable endpoints.
Source : NVD
## 6.5
Score
Published February 21, 2026
Severity MEDIUM
CNA Score 7.7
Affected Technologies
NixOS
Meta
Wiz
CVE-2026-32693 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
CVE-2026-32693 [MEDIUM] CVE-2026-32693 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32693 :
NixOS vulnerability analysis and mitigation
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.
Source : NVD
## 8.8
Score
Published March 18, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
NixOS
Homebrew
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.9
Exploitation Probability (EPSS) 0.1
Affected package
Wiz
CVE-2025-66863 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.5 · HIGH
## CVE-2025-66863: NixOS vulnerability analysis and mitigation
An issue was discovered in the function d_discriminator in cp-demangle.c in binutils 2.26 that allows attackers to cause a denial of service via a crafted PE file.
Source: NVD
Score: 7.5
Published: December 29, 2025
Severity: HIGH
CNA Score: 7.5
Affected Technologies: NixOS, Wolfi
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 22.8
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: gcc-toolset-15-binutils, gcc-toolset-15-binutils-devel
Sources:

| Source | Severity | Fix | Added at |
|---|---|---|---|
| NVD | | | |
| Chainguard | | No Fix | Jan 15, 2026 |
| Debian 11, 12, 13, 14 | LOW | No Fix | Dec 30, 2025 |
| Echo | HIGH | Has Fix | Dec 30, 2025 |
Wiz
CVE-2026-32318 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.1 · MEDIUM
## CVE-2026-32318: NixOS vulnerability analysis and mitigation
Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity-check vulnerability allows an attacker to tamper with the vault configuration file, leading to a man-in-the-middle weakness in the Hub key-loading mechanism. Before the fix, the client trusted the endpoints listed in the vault config without checking host authenticity, so an attacker could pair a legitimate auth endpoint with a malicious API endpoint and exfiltrate tokens. Affected are users who unlock Hub-backed vaults with an affected client version in an environment where the attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3.
Source: NVD
Score: 5.9
Wiz
CVE-2026-30975 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.1 · HIGH
## CVE-2026-30975: NixOS vulnerability analysis and mitigation
Disabled for Local Addresses
Enabled
Source: NVD
Score: 9.8
Published: March 25, 2026
Severity: CRITICAL
CNA Score: 8.1
Affected Technologies: NixOS, Homebrew
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 20
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: sonarr
Sources:

| Source | Severity | Fix | Added at |
|---|---|---|---|
| NVD | | | |
| Homebrew | CRITICAL | Has Fix | Apr 02, 2026 |
| Nix | CRITICAL | Has Fix | Apr 02, 2026 |
Wiz
CVE-2026-28406 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.2 · HIGH
## CVE-2026-28406: NixOS vulnerability analysis and mitigation
filepath.Join(dest, cleanedName)
dest
../outside.txt
Source: NVD
Score: 8.2
Published: February 27, 2026
Severity: HIGH
CNA Score: 8.2
Affected Technologies: NixOS
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 48.2
Exploitation Probability (EPSS): 0.2
Affected packages and libraries: kaniko, github.com/chainguard-dev/kaniko
Sources:

| Source | Severity | Fix | Added at |
|---|---|---|---|
| NVD | | | |
| GoLang | HIGH | Has Fix | Mar 02, 2026 |
| Nix | HIGH | Has Fix | Mar 09, 2026 |
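Only three fragments of this advisory's description survive on the page (`filepath.Join(dest, cleanedName)`, `dest`, `../outside.txt`), but they describe a familiar path-traversal pattern: cleaning an entry name and joining it onto a destination directory does not stop a leading `..` from escaping that directory. The Go program below is an added illustration, not kaniko's own code and not a description of how its fix works. `naiveJoin` reproduces the join pattern from the fragment; `safeJoin` is one hardened form that checks the resolved path with `filepath.Rel`. The directory and entry names are constructed for the example, nothing is written to disk, and POSIX path separators are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned when an entry name would resolve to a path
// outside the extraction directory.
var ErrOutsideDest = errors.New("entry path escapes destination directory")

// naiveJoin reproduces the pattern in the advisory fragment: clean the entry
// name, then join it onto dest. filepath.Clean keeps a leading "..", so an
// entry named "../outside.txt" resolves to a sibling of dest, not a child.
func naiveJoin(dest, name string) string {
	cleanedName := filepath.Clean(name)
	return filepath.Join(dest, cleanedName)
}

// safeJoin resolves name under dest and rejects any result that leaves dest.
// A leading "/" on an entry is stripped rather than treated as an absolute
// path (the usual tar convention). The containment check runs on the fully
// joined and cleaned path via filepath.Rel, so "../x", "a/../../x" and other
// spellings that escape are all rejected, while "..foo" as a plain file name
// is still allowed. (Added example; assumes POSIX paths.)
func safeJoin(dest, name string) (string, error) {
	rel := strings.TrimLeft(filepath.ToSlash(name), "/")
	target := filepath.Join(dest, filepath.FromSlash(rel))
	relToDest, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	if relToDest == ".." || strings.HasPrefix(relToDest, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideDest, name)
	}
	return target, nil
}

func main() {
	const dest = "/srv/extract" // constructed example directory; nothing is written
	for _, name := range []string{"app/bin/run", "../outside.txt", "a/../../b", "/etc/passwd"} {
		fmt.Printf("naive: %-16s -> %s\n", name, naiveJoin(dest, name))
		if p, err := safeJoin(dest, name); err != nil {
			fmt.Printf("safe:  %-16s -> rejected (%v)\n", name, err)
		} else {
			fmt.Printf("safe:  %-16s -> %s\n", name, p)
		}
	}
}
```

Checking the joined path rather than the raw entry name is the important design choice: a prefix test on `name` alone misses `a/../../b`, and a substring test for `..` rejects legitimate file names. `filepath.Rel` on the cleaned result answers the only question that matters, whether the final path is still inside `dest`.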
Wiz
CVE-2025-58949 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.1 · HIGH
## CVE-2025-58949: NixOS vulnerability analysis and mitigation
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock (spock) allows PHP Local File Inclusion. This issue affects Spock from n/a through 1.17.
Source: NVD
Score: 8.1
Published: December 18, 2025
Severity: HIGH
CNA Score: 8.1
Affected Technologies: NixOS, WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 18.1
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: spock
Sources:

| Source | Severity | Fix | Added at |
|---|---|---|---|
| NVD | | | |
| Nix | HIGH | No Fix | Dec 26, 2025 |
Wiz
CVE-2026-32254 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.1 · MEDIUM
## CVE-2026-32254: NixOS vulnerability analysis and mitigation
Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds are enabling the DenyServiceExternalIPs feature gate, deploying an admission policy, restricting Service-creation RBAC, monitoring Service changes, and applying BGP prefix filtering.
Source: NVD
Score: 7.1
Published: March 18, 2026
Severity: HIGH
CNA Score: 7.1
Affected Technologies: NixOS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 1
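Of the workarounds listed above, the admission-policy one can be written down as a manifest. The ValidatingAdmissionPolicy below is an added example, not part of the advisory or of the kube-router project: it rejects any Service that sets spec.externalIPs, which removes the user-supplied input that an unpatched kube-router would otherwise program into the node without validation. The policy and binding names are assumptions, the binding is cluster-wide, and the manifest requires a Kubernetes release that serves admissionregistration.k8s.io/v1 ValidatingAdmissionPolicy. The policy covers only the externalIPs field; the other workarounds in the advisory remain relevant for the load-balancer side.

```yaml
# Added example (not from the advisory or kube-router). Names are assumptions.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deny-service-external-ips
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["services"]
  validations:
    # Reject a Service whenever spec.externalIPs is present and non-empty.
    - expression: "!has(object.spec.externalIPs) || size(object.spec.externalIPs) == 0"
      message: "Service.spec.externalIPs is not allowed in this cluster"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deny-service-external-ips
spec:
  policyName: deny-service-external-ips
  validationActions: ["Deny"]
```

Apply with `kubectl apply -f` and confirm the behaviour by creating a Service with `spec.externalIPs` set; the API server should refuse it with the message above. The DenyServiceExternalIPs feature gate on kube-apiserver achieves the same effect for the externalIPs field without a policy object, and the two can be combined.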
2026-04-01
Published