All 5 CVE vulnerabilities found in nixpkgs, with AI-generated Chinese analysis, references, and POCs.
Vendor: NixOS
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25740 | Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module CWE-250 | 8.8AI | HighAI | 2026-02-09 |
| CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration CWE-552 | 9.1 | Critical | 2026-02-02 |
| CVE-2026-23838 | Tandoor Recipes module allows SQLite database to be externally accessible with the default settings CWE-538 | 7.5AI | HighAI | 2026-01-19 |
| CVE-2025-64766 | NixOS has hardcoded credentials in Onlyoffice module CWE-798 | 5.3 | Medium | 2025-11-17 |
| CVE-2025-32438 | Local privilege escalation in make-initrd-ng CWE-378 | 8.8 | High | 2025-04-15 |
All 5 known CVE vulnerabilities affecting nixpkgs with full Chinese analysis, references, and POCs where available.