18 matches found
EUVD-2025-29795
Malicious code in bioql PyPI...
EUVD-2025-29969
Malicious code in bioql PyPI...
EUVD-2022-42998
Malicious code in bioql PyPI...
Malicious code in pyxhttp (PyPI)
Malicious code in compressa (PyPI)
Source: kam193 0cabf2172928d772d626ba857400e15f273fc925a9ff75e7f655ce461e9be498 A campaign of probably pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in libccreplacemask (PyPI)
Source: checkmarx cb06c066cbc0157e238ca06eee3d2bb5b450290d53bb067f57221d7931efe0b1 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfregamelgtb (PyPI)
Source: checkmarx 7255c9ee92643e4ad4b0dad0d32e3da94748940662028672f32b0cf49a0540bb EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in py-pyurlget (PyPI)
Source: checkmarx 004aa98b7242b71f0449205d92da2c0aa27cb2f2ab63c728b5cc54bf74af3614 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfvirtualhackedhttp (PyPI)
Source: checkmarx f29df5c4947733eed51e2137022ca1dfb40714b64dc31dec79d903e46187930a EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfmasksuper (PyPI)
Source: checkmarx 9a6221bae60f80a0a522d84d294664b97275c65f736fbd81ada38ebeb58d5760 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in libintelpaypal (PyPI)
Source: checkmarx 27fd1a52fcf831f74a9b6519a443d2e419f8d69b9f3f3c3ef6c129b9a044352c EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfcvmc (PyPI)
Source: checkmarx 41c804bda73ab0198bf6b99c45bc9afa61ecb2274cb3186b17e66db33bdabfa2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in urlgame (PyPI)
Source: checkmarx e7082ccff907fd58ef34fa3019f38f6d6ffc1fe08ea5c338d78df1ae25a4e6cd EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in gameload (PyPI)
Source: checkmarx 50583ef0d3a8a456638dcb3d9cb381e00a45a8c18a5061e6ae1fba11060b42a2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in beautifulsop4 (PyPI)
Source: checkmarx 6af2e8f4adec980c99435be70ee4ffbf7ca18a0234c40216d1de2fa8c39dd4f3 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
CVE-2022-40809
The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
CVE-2022-31518
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
PocCollect
This is a Python-based proof-of-concept POC collection repository. The repository contains a variety of POCs for different vulnerabilities, including Struts2, Heartbleed, and Java Deserialization. The POCs are designed to be used for educational purposes only and should not be used for malicious...