9546 matches found
Why Unofficial Download Sources Are Still a Security Risk in 2026
Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software...
GHSA-JP4C-XJXW-MGF9 pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
CVE-2026-6357
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...
CVE-2026-6357
CVE-2026-6357 affects pip prior to 26.1, where a self-update check would run after wheel installation and could import recently installed Python modules. The root cause is that imports of certain well-known module names were deferred to speed up CLI startup, allowing a wheel install to trigger im...
Malicious code in bytedaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3090 Malicious code in bytedecs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedark (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b1b29d53129e34fa2f09eacd9218f1bf87711e4a88587ee9c5f4453cfb6974ac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3086 Malicious code in bytedai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6453b603ad8bfd1ff4463c1bd86e1930757b08239ec949b01fbc95ca0c5486a6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedmlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 747ac5ba3db3b0d1cc24dcec3ffa5c068394edf57bf11d5f28b03526a4eda95d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3093 Malicious code in bytedmlp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 747ac5ba3db3b0d1cc24dcec3ffa5c068394edf57bf11d5f28b03526a4eda95d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedclaw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 222fec842fbce5c57d9ab98166abc5a0b555076048a153f00dd34b7a1ceec072 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3099 Malicious code in bytedvod (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3088 Malicious code in bytedbackground (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ab2e307770a6b144edad3254d316375ed3cdad0a56f21438b28bcc0f1a17fcb9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedtccc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ffa89455e2b287319982cda83447a21535ba442b7532714ca2867a935712bcb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedmem (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 410777f44f683eff2ab28c9dc499058d36f39204f834dd2040ed9b5bbf628174 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
PT-2026-36922
Name of the Vulnerable Software and Affected Versions Nginx UI version 2.3.5 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the 'POST /api/install' endpoint...
MAL-2026-3050 Malicious code in robase-fast-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-fast-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3048 Malicious code in robase-gui-api (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6c53f61007a9e23f2c47112de5225aa8e364f5aeb45c99d22084d6fb08b2179e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3047 Malicious code in robase-gui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...