CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/06/11 11:8 p.m.•11 views

Malicious code in bittensor-burn-message (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8 Package targets Bittensor BIP-39 wallet holders. On import, defaults.env loads a hardcoded TELEGRAMBOTTOKEN 8666228137 and TELEGRAMCHATID 8766781014...

5.6AI score

OSV•added 2026/06/11 11:8 p.m.•8 views

MAL-2026-5680 Malicious code in bittensor-burn-message (PyPI)

5.6AI score

EUVD•added 2026/06/11 6:32 p.m.•8 views

EUVD-2026-36282

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.3CVSS5.7AI score0.00204EPSS

AlpineLinux•added 2026/06/11 6:32 p.m.•7 views

CVE-2026-52858

7.8CVSS5.5AI score0.00204EPSS

OSSF Malicious Packages•added 2026/06/11 12:2 p.m.•8 views

Malicious code in bibip-bip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2b153c90d83d4653660dd79a5a0935af85bd804fd98163c42995403bca240a6 pyproject.toml declares a PEP 517 build requirement that points to an arbitrary tarball hosted on webhook.site, an anonymous request-inspection /...

6.3AI score

OSSF Malicious Packages•added 2026/06/11 1:46 a.m.•6 views

Malicious code in acme-widget-layout-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff800752007d4e55ddc8172e04c8d75ac04d61b499cc58d97f016cd34d70d6c4 On import, src/acmewidgetlayoututils/init.py executes a textbook reverse-shell pattern: it opens a TCP socket, duplicates the socket file descriptor...

OSV•added 2026/06/11 1:46 a.m.•9 views

MAL-2026-5545 Malicious code in acme-widget-layout-utils (PyPI)

OSV•added 2026/06/11 12:0 a.m.•2 views

OPENSUSE-SU-2026:11003-1 python313-Django6-6.0.6-1.1 on GA media

These are all security issues fixed in the python313-Django6-6.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.3CVSS5.2AI score0.00296EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/06/10 10:38 p.m.•7 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

OSV•added 2026/06/10 7:28 p.m.•9 views

MAL-2026-5531 Malicious code in telegramlite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd Package exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions. --- Category: MALICIOUS - The campaign h...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 2026/06/10 5:21 p.m.•5 views

Malicious code in hello-dynamic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...

OSV•added 2026/06/10 5:21 p.m.•8 views

Exploits0References1

MAL-2026-5518 Malicious code in hello-dynamic (PyPI)

OSSF Malicious Packages•added 2026/06/10 5:11 p.m.•8 views

Exploits0References1

Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score

OSV•added 2026/06/10 5:11 p.m.•9 views

MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)

6.1AI score

OSSF Malicious Packages•added 2026/06/09 9:42 p.m.•10 views

Malicious code in bittensor-emission-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...

OSV•added 2026/06/09 4:55 p.m.•10 views

MAL-2026-5457 Malicious code in tao-subnet-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...

5.5AI score

OSSF Malicious Packages•added 2026/06/09 4:53 p.m.•8 views

Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...

OSV•added 2026/06/09 4:53 p.m.•6 views

MAL-2026-5458 Malicious code in ultimate-ai-power (PyPI)

OSSF Malicious Packages•added 2026/06/09 10:15 a.m.•6 views

Malicious code in dstill (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 698645f1cbbe41dbe7b65f3cf373ed38f59cb59ca9cc0bb25bd9d175114f1762 On import spaysdata, init.py invokes mainentry which executes a multi-stage Windows infostealer with no relation to the package's advertised purpose ...

5.5AI score