Lucene search
K

9178 matches found

NVD
NVD
added yesterday8 views

CVE-2026-15519

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS0.00238EPSS
Exploits0References5
EUVD
EUVD
added yesterday9 views

EUVD-2026-43262

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday14 views

CVE-2026-15519 usestrix PyPI system_prompt.jinja inclusion of functionality from untrusted control sphere

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS0.00238EPSS
Exploits0References5
CVE
CVE
added yesterday17 views

CVE-2026-15519

The CVE-2026-15519 entry affects usestrix strix up to 1.0.2, specifically the PyPI Handler’s file system_prompt.jinja. A manipulation can cause inclusion of functionality from an untrusted control sphere. The vulnerability is exploitable remotely with network impact and a high attack complexity; ...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 4 days ago63 views

ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root

Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...

6.6CVSS5.2AI score0.00236EPSS
Exploits1
OSV
OSV
added 4 days ago12 views

ROOT-APP-PYPI-CVE-2026-34993 CVE-2026-34993 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34993 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

7.3CVSS7.8AI score0.00128EPSS
Exploits0
OSV
OSV
added 4 days ago5 views

ROOT-APP-PYPI-CVE-2023-49082 CVE-2023-49082 in rootio-aiohttp - Patched by Root

Root has patched CVE-2023-49082 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS6.5AI score0.0094EPSS
Exploits1
OSV
OSV
added 4 days ago7 views

ROOT-APP-PYPI-CVE-2024-5569 CVE-2024-5569 in rootio-zipp - Patched by Root

Root has patched CVE-2024-5569 in the rootio-zipp package for Root:PyPI. Multiple fixed versions available...

6.2CVSS7.9AI score0.00236EPSS
Exploits0
OSV
OSV
added 6 days ago3 views

ROOT-APP-PYPI-GHSA-W235-7P84-XX57 GHSA-w235-7p84-xx57 in rootio-tornado - Patched by Root

Root has patched GHSA-w235-7p84-xx57 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.9AI score
Exploits0
OSV
OSV
added 6 days ago5 views

ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root

Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.1CVSS6.6AI score0.01132EPSS
Exploits0
OSV
OSV
added 6 days ago5 views

ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root

Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00375EPSS
Exploits0
OSV
OSV
added 6 days ago7 views

ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root

Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.4AI score0.00281EPSS
Exploits0
OSV
OSV
added 6 days ago10 views

ROOT-APP-PYPI-CVE-2023-44271 CVE-2023-44271 in rootio-pillow - Patched by Root

Root has patched CVE-2023-44271 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01038EPSS
Exploits0
OSV
OSV
added last week21 views

ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00214EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:44 p.m.11 views

Malicious code in confighub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805d9b5848999d2ba85368446cb12d90bf350b8201a78dd475079c04f180dd81 confighub 7.0.1 declares installrequires='procwire' and imports procwire at package load in init.py under a version gate that silently swallows...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/28 4:55 p.m.9 views

MAL-2026-6560 Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/26 2:23 p.m.3 views

PYSEC-2026-235 Malicious code in ppkt2synergy (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ppkt2synergy were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials an...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/26 2:17 p.m.4 views

PYSEC-2026-234 Malicious code in phenopacket-store-toolkit (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/25 2:59 p.m.4 views

PYSEC-2026-233 Malicious code in gpsea (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of gpsea were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/24 2:1 p.m.5 views

PYSEC-2026-232 Malicious code in ensmallen (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ensmallen were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3
Rows per page
Query Builder