Vulnerabilities in NixOS
26 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2026-25137 | CRITICAL | NixOs Odoo database and filestore publicly accessible with default odoo configuration | 10.1% |
| CVE-2024-45049 | HIGH | Nix Hydra Missing authentication when triggering evaluations | 0.6% |
| CVE-2024-27297 | MEDIUM | Nix Corruption of fixed-output derivations | 0.6% |
| CVE-2026-44029 | MEDIUM | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-fi | 0.6% |
| CVE-2024-45593 | CRITICAL | Nix affected by unsafe NAR unpacking | 0.6% |
| CVE-2024-32657 | MEDIUM | Hydra has persistent XSS vulnerability serving HTML build outputs | 0.5% |
| CVE-2026-23838 | HIGH | Tandoor Recipes module allows SQLite database to be externally accessible with the default settings | 0.4% |
| CVE-2025-54864 | MEDIUM | Hydra missing authentication when triggering evaluations through GitHub and Gitea plugins | 0.4% |
| CVE-2024-47174 | MEDIUM | Credential leak when credentials are used with `<nix/fetchurl.nix>` | 0.3% |
| CVE-2025-32435 | LOW | Hydra no restricted eval after nix-eval-jobs migration | 0.3% |
| CVE-2023-36476 | HIGH | `calamares-nixos-extensions` LUKS keyfile exposure | 0.2% |
| CVE-2025-64766 | MEDIUM | NixOS has hardcoded credentials in Onlyoffice module | 0.2% |
| CVE-2026-39860 | CRITICAL | Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination | 0.2% |
| CVE-2025-54800 | HIGH | Hydra persistent XSS in build metrics | 0.2% |
| CVE-2026-44028 | HIGH | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stac | 0.2% |
| CVE-2024-51481 | LOW | Nix allows macOS sandbox escape via built-in builders | 0.2% |
| CVE-2025-46416 | LOW | The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user acc | 0.2% |
| CVE-2025-32438 | HIGH | Local privilege escalation in make-initrd-ng | 0.2% |
| CVE-2026-25740 | MEDIUM | Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module | 0.1% |
| CVE-2025-52991 | LOW | The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This a | 0.1% |