9588 matches found
CVE-2026-6105
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...
Malicious code in robase-fallback (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2562 Malicious code in robase-fallback (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-installer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-2547 Malicious code in ixosmonitoring (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cfca4d7a38a0805f56b3bddcef1b421a8584a4d52df7a1a22676369679347bf5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in ixosmonitoring (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cfca4d7a38a0805f56b3bddcef1b421a8584a4d52df7a1a22676369679347bf5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2548 Malicious code in ks-hex2pcap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 90b58f7aa303c563186a1d1c2a89d13caec4e0c04a48f6838fcba294b7846e96 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in python-aickerso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1d7d33d48c083d0e17d3a3698d815f66dffb070f743e030278059a558c5e6fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2549 Malicious code in python-aickerso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d1d7d33d48c083d0e17d3a3698d815f66dffb070f743e030278059a558c5e6fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in hex2pcap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e634909fd8dcb36401b0272dad2f87486457c32c1283145dfb76d402fff41c2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2026-32126
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...
Malicious code in bogus-nydus-op (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc5b423ccd6e29bde31dc5123f2e888f3eaedc3fddf020aab581d2b8e64cc8a8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2540 Malicious code in gd-auth (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 baa9851d66a8d40c23baf029f186e4f8f5366381dadb2d3ecc8cb9420e5e3997 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in customer-local-ops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef5d282201c89a99b3d50d086b0c6916792744bff406f01b7920533e43562212 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2539 Malicious code in customer-local-ops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef5d282201c89a99b3d50d086b0c6916792744bff406f01b7920533e43562212 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...
CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...
EUVD-2026-21539
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...