9 matches found
CVE-2026-44028
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...
CVE-2026-44028
CVE-2026-44028 affects Nix and Lix: unbounded recursion in the NAR (Nix Archive) parser can cause a stack-to-heap overflow when parsing on a coroutine stack. The stack lacks a guard page, enabling a stack overflow to overwrite heap memory and potentially execute arbitrary code as the Nix daemon (...
PT-2026-36940
Name of the Vulnerable Software and Affected Versions: Nix versions 2.24.4 through 2.34.6; Lix versions 2.93.0 through 2.95.1. Description: Unbounded recursion in the NAR (Nix Archive) parser can lead to a stack-to-heap overflow when the parser operates on a coroutine stack. Because the stack is...
Nix security vulnerability
Nix is a package manager developed by Nix itself. There were security vulnerabilities in versions of Nix prior to 2.34.5, as well as versions before 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6. These vulnerabilities stemmed from improper handling of symbolic links, which could lead to...
EUVD-2025-19410
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-46415
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28....
DEBIAN-CVE-2025-46415
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...
UBUNTU-CVE-2025-52993
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld or guixbuild). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...
PT-2024-34646 · Nix · Nix
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.18.9; Nix versions prior to 2.19.7; Nix versions prior to 2.20.9; Nix versions prior to 2.21.5; Nix versions prior to 2.22.4; Nix versions prior to 2.23.4; Nix versions prior to 2.24.10. Description: The issue concerns the Ni...