1923 matches found
EUVD-2022-52713
RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...
XWiki < 4.10.15 - Email Disclosure
The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...
MAL-2026-6549 Malicious code in discord-token-generator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd016cfcb52b59c0141268099b96c1336a15ca1d0afce46f367c7fe376f57de discordtokengenerator/init.py imports tokens.py, which instantiates TokenManager at module load. The constructor calls notin, which concatenates eigh...
MAL-2026-6515 Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
Malicious code in @outmarket/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...
MAL-2026-6247 Malicious code in requests-enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI through a malicious file. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
MAL-2026-6083 Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
Malicious code in syncagents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...
MAL-2026-5876 Malicious code in temp-development-package-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5cdc1d94dd0cfb62a4a0267ae52bf1a72dfa31a6854196b4bb220759b7c6e878 Starting with version 0.4, package installs a sitecustomize.py that executes during Python engine initialization. The embeded code uses mshta to download...
Malicious code in myfirstpackagetestaaa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c05b4934471efac919453e87b37a94a9a92c930455283c0bfb85b535c61f4a6b During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
MAL-2026-5874 Malicious code in aaaazzzzaz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c1698c50a4706300296a442bbb0ae57280e870d8c83575d68218143e4ffd6645 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...
Malicious code in testpackagemanyhttpsgo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...
MAL-2026-5840 Malicious code in testpackagemanyhttpsgo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 336f39e218fe5b5a09ef8ee7757efa7a0ca73c0fe6571bc232d735448499a950 At install time, setup.py fetches https://tmpfiles.org/dl/wawHVGgfydD7/6a306c5f03a52.exe via urllib, writes the response to disk, and executes it wit...
Malicious code in pyptllm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fa41ae2f65e7cb8e2acbf3c242271656f489b615a11473d00b48dd83e69633f4 During installation, the code attempts to download and start a malicious executable. Likely related to 2025-08-raknet-testing-package. --- Category: MALICIOUS ...