MAL-2025-2957 Malicious code in enquiry-exam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 590114fe4174abb1ff72c06bf128aef53bd76a67eaeca5d5e891be001f6b0c17 Package contains a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-certifications...

MAL-2025-2152 Malicious code in certifications (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7d51c9defecdd382c5048eb6f92b32558355b8457b2b5cd63f3d86e12e8ed35b Package contains a reverse shell. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-certifications...

MAL-2025-2993 Malicious code in pythonhttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ed5759c2260c5467724f053f3d59eac62f5491fc2d03350fef0a6f832652e3b Installing the package starts a heavily obfuscated Powershell Script that attempts to at least overwrite copied crypto wallets --- Category: MALICIOUS - The...

GHSA-VR75-HJH9-7FR6 Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...

MAL-2025-2013 Malicious code in xuiniadb (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2007 Malicious code in useragents (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2003 Malicious code in tronwebpy (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2002 Malicious code in tronpyweb (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2001 Malicious code in tronpynet (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1999 Malicious code in tronlinkpy (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2000 Malicious code in tronnetpy (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1998 Malicious code in trongridpy (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1988 Malicious code in ransomware (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1987 Malicious code in randomuseragent (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1979 Malicious code in maliciouspkg (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1967 Malicious code in aurm-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-2975 Malicious code in mirage-rce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9ba7e438828f3bcacd252bc54f00732b129fe6fc8f6a9909d964720ac1e6420 Setup.py contains a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-02-mirage-rce Reasons...

MAL-2025-2952 Malicious code in ctf-aio-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1641f444ea0056686d1421b67d63c1a6fd944999ed4dff175924de88f1d5182a Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...