10269 matches found

Nvidia
added 2025/12/16 12:0 a.m. | 7 views

Security Bulletin: NVIDIA NeMo Framework - December 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.3 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and PyPI. Go to NVIDIA Product Security...

7.8 CVSS | 7 AI score | 0.00296 EPSS
Exploits 0 | Affected Software 1

OSSF Malicious Packages
added 2025/12/08 11:54 p.m. | 4 views

Malicious code in helloharry123p (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e199ebf30ba4e39d4e6bd9fc4d31ffa9f0a7687e21f67e2e6e8c01e3f24717a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0 | References 1

OSV
added 2025/12/06 2:11 p.m. | 1 view

MAL-2025-192351 Malicious code in evil-rce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

7.5 AI score
Exploits 0 | References 1

OSV
added 2025/12/02 8:19 a.m. | 1 view

MAL-2025-191761 Malicious code in hooktest3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

7.7 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/11/26 11:58 p.m. | 3 views

Malicious code in discordhelper-ecr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 689b1c190dc23f0188a57cac218b8dd66c56ecb77478d9bdac584a8cd111bb9b Package exfiltrates discord credentials to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7 AI score
Exploits 0 | References 1

Veracode
added 2025/11/26 2:27 p.m. | 3 views

Remote Command Execution

scio-pypi is vulnerable to Remote Command Execution. The vulnerability is due to torch.load executing unsafe deserialization even when weights_only=True, which allows an attacker to craft malicious model files that trigger arbitrary code execution during loading...

8.2 AI score
Exploits 0

OSSF Malicious Packages
added 2025/11/26 5:30 a.m. | 6 views

Malicious code in atlassian-praz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 06798e3c48471c4e66160030618f78c51d71d2a7660c5545648cf7902b3eecd4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2025/11/23 4:18 p.m. | 4 views

Malicious code in speed-testing-vps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/11/22 5:1 p.m. | 3 views

Malicious code in mzip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfa6ef3ee944ed5eef4429c7c9ec9488d9c2c70be6435ee1019851527272a9e4 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.3 AI score
Exploits 0 | References 4

OSV
added 2025/11/19 1:6 p.m. | 1 view

MAL-2025-191870 Malicious code in sitoogether (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 09dd85c25ad8d35e40f8afc89c4a7f0322beb48a72db826b13c2142810460ac9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits 0 | References 1

Fedora
added 2025/11/15 1:35 a.m. | 3 views

[SECURITY] Fedora 42 Update: uv-0.9.7-2.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

6.6 AI score
Exploits 0

OSSF Malicious Packages
added 2025/11/14 5:22 p.m. | 5 views

Malicious code in minemeld-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe7b8c00b3748b3fe38ffdf3bd69558abb58091ee3347d47003929976ceb457 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0 | References 1

Nvidia
added 2025/11/11 12:0 a.m. | 4 views

Security Bulletin: NVIDIA NeMo Framework - November 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.0 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and PyPI. Go to NVIDIA Product Security...

7.8 CVSS | 6.7 AI score | 0.00022 EPSS
Exploits 0 | Affected Software 1

OSV
added 2025/11/05 9:16 p.m. | 3 views

MAL-2025-191927 Malicious code in wayspiritmcp-weather (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dbe830c7b2364daef2e4634c16062b86b0b26b88f95533e9413aa91bc646fd Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

6.7 AI score
Exploits 0 | References 1

OSV
added 2025/10/28 7:23 p.m. | 1 view

MAL-2025-191876 Malicious code in speedd-testing-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/10/28 7:23 p.m. | 3 views

Malicious code in speedd-testing-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aaec37a58d7717b510aa569770af696e33ae7f9a59e733af3d6341d712f0d66 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7.1 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/10/22 4:22 p.m. | 3 views

Malicious code in requests-os (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c944343070e83d2eab122e862b5c7349722ee7ceae5ae21e428926480681d24f Package contains capabilities for remote control of the user's computer and exfiltrating data --- Category: MALICIOUS - The campaign has clearly malicious...

7.1 AI score
Exploits 0 | References 1

OSV
added 2025/10/19 4:42 p.m. | 2 views

MAL-2025-191642 Malicious code in kirux189894 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f147ce226cffa7d6f6b34db801242958dc198c8d18c01cef735b65439dae8678 Package simulates malicious activity during installation and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest package...

7.5 AI score
Exploits 0 | References 1

OSV
added 2025/10/19 4:35 p.m. | 1 view

MAL-2025-191670 Malicious code in abhamzufu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ef1806d244274823ed462cd27dc9ec91a4c26d7bc7141bd652ecf05cb40c2dc Package simulates malicious activity during installation and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest package...

7.5 AI score
Exploits 0 | References 1

EUVD
added 2025/10/08 12:31 a.m. | 3 views

EUVD-2025-31863

EUVD-2025-31863...

4.8 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits 0 | References 2