MAL-2025-191749 Malicious code in hashstation (PyPI)
Source: kam193 c4f136247c8a57eee83a1a36ee355c982d900b5f5b570a0936dc1df68db6d5f2 When methods from the package are used, it downloads obfuscated code from GitHub and places it in multiple locations. While it appears that this code is used ...
MAL-2025-23252 Malicious code in installments (npm)
The package installments was found to contain malicious code...
MAL-2025-12477 Malicious code in @zalastax/nolb-muw (npm)
The package @zalastax/nolb-muw was found to contain malicious code...
MAL-2025-191832 Malicious code in pycrackhash (PyPI)
Source: kam193 b3323afe460298d80a354497acdd641752c5fb6bce2dce3d7e7625d7a46f1d7c When methods from the package are used, it downloads obfuscated code from GitHub and places it in multiple locations. While it appears that this code is used ...
MAL-2025-191723 Malicious code in fastertelethon (PyPI)
Source: kam193 3ccfc281c2541df7e1354e6de8c64624fdc75dcc229d33962b171b0a95087edf Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage...
MAL-2025-191724 Malicious code in fastgram (PyPI)
Source: kam193 bbc47050a01cdb07bbf87c6a6f47028545200c85d553a4952b686a705a6d7d3c Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage...
Malicious code in piepunk (PyPI)
Source: kam193 40c9660a52e99412daf32818f5263ad562bf43281984b9676aa93874912132be This is a clone of the "pymunk" package. In the space.py file there is code that attempts to exfiltrate data from the Discord client during initialization...
Malicious code in spiderai (PyPI)
Source: kam193 cfee8e74f278d45135c11ee4ff3f18180cb2423e333934a8ba994f5e8ec48b9a Every time the user sends a message to the AI, the user's IP, the message, and the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
MAL-2024-12351 Malicious code in spy-ai (PyPI)
Source: kam193 d71096c3aa8cb143ba7fab208ab313a240e8f1f9846b17b947a01f729fc1864a Every time the user sends a message to the AI, the user's IP, the message, and the response are exfiltrated to a hardcoded Telegram channel. This behaviour is...
Race condition
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an...
USN-6449-2 ffmpeg regression
USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FFmpeg incorrectly managed memory...
BELL-CVE-2023-24532 CVE-2023-24532 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2020-8621 CVE-2020-8621 does not affect BellSoft software
Bulletin has no description...
Unvalidated External Library Usage in RSASHA256Algorithm
Impact: A hacker could exploit this vulnerability to inject malicious code into the contract, potentially allowing them to steal user funds or take control of the contract. Proof of Concept: To demonstrate the attack vector, let's deploy a malicious version of the...
CVE-2022-47508
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos...
PYSEC-2023-17
IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requir...
UBUNTU-CVE-2022-23935
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a `$file =~ /\|$/` check, leading to command injection...
Driftwood - Private Key Usage Verification
Driftwood is a tool that lets you look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally it supports some basic password...
BELL-CVE-2021-43976 CVE-2021-43976 does not affect BellSoft software
Bulletin has no description...
GHSA-C38G-469G-CMGX Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Since Helm 2 was released, a well-documented aspect of Helm is that the Helm chart's version number MUST follow the SemVer2 specification. In the past, Helm would not permit charts with malformed versions. At some point, a patch was merged that changed this - On a version parse error, the version...