1682 matches found
[SECURITY] Fedora 43 Update: proftpd-1.3.9a-1.fc43
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
Malicious code in justinleaguekems (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2026-3380 Malicious code in justinleaguekems (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 039b35e6547b64dd3e28ba9e178b9716447f88d6bd9558766c9ffe8850262d99 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in yeahmankema (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e82095096c026f9ea1f8a44e7b94b0f9def1346ef887a8a6bb4e11aedc5abd63 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the PUT /api/echo/like/:id endpoint, which lacks authentication and rate limiting. An attacker can manipulate the favcount of any echo, including private ones, by sending repeated requests without...
Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count
Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the favcount counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...
GHSA-PJ6Q-4VQ4-R8CG Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count
Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the favcount counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...
Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the PUT /api/echo/like/:id endpoint. An attacker can manipulate engagement metrics by sending repeated unauthenticated requests to the like endpoint, resulting in arbitrary inflation of the favcount value...
GHSA-RGJ7-VG8V-J4WR Ech0's Unauthenticated Like Endpoint Enables Arbitrary Engagement Metric Inflation
Summary No authentication is required to invoke PUT /api/echo/like/:id. The handler is registered on the public router group. The service increments favcount for the given echo without checking identity, without a per-user limit, and without CSRF tokens. A remote client can arbitrarily inflate li...
MAL-2026-3367 Malicious code in crayrandomiz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 70d147758fe5288bee2adc712e45b7836211b83ce0b209fd42a31e4b3696bbf2 Package exfiltrates screenshots and network information to a hardcoded target. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Malicious code in quicklytookerv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-3364 Malicious code in quicklytookerv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
CVE-2026-43103
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEVPRETYPECHANGE lapbethdatatransmit expects the underlying device type to be ARPHRDETHER. Returning NOTIFYBAD from lapbethdeviceevent makes sure bonding driver can not break this expectation...
Malicious code in randomchoicemas (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0dc4c38310ad4ec9a939abd09fa48fce4f2f2e91e02389d59f3fefc30eda4c2c The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-3237 Malicious code in protocol-stub-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8ad6f31dc6bdf35ca55cf2a55e9124e07131de068c8ff945e62716637b6e06d1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-3230 Malicious code in currenttimerpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ccd5c81889e68b6ae8a0e8ef90b7c3a4dc447b08872ad6ac48ce94804985379d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...
MAL-2026-3217 Malicious code in aocl-sparse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f6149e96819a7800ef567eb459fdf9fc6cfc6ba1e6458c8e29e3aa7a50a8968 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in my-pipeline-watcher-poc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 78f513e5eabf5ee549e85154e86f71885e76bb0052ec815bbbb8c090bb2cf2b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...