656 matches found
MAL-2026-4221 Malicious code in selfservsweeper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81843a6f21fe31627b1e97fdb8ffe41789c1f921c60512347bbf2b0c2fb30121 Package self-describes as a 'Touch-friendly Minesweeper overlay for NCR SelfServ kiosks', but the advertised CLI entrypoints selfservsweeper,...
MAL-2026-4360 Malicious code in @aledan007/tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439 The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...
MAL-2026-4603 Malicious code in lynx-keeper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...
Malicious code in superacli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...
MAL-2026-4674 Malicious code in superacli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c45fea405a610447f72926e8663afc4151606f39189d380bf929ad09419908b plugins/gopass/daemon.js opens an outbound WebSocket connection to a hardcoded bare IP ws://92.113.145.178:8768 defaulted via process.env.GOPASSUIURL...
EUVD-2026-30950
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
Malicious code in pyenvprep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 963727b60e7fa8536050eb0f4691dc8bec6089567630063305d05ddceb4834cd Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
Malicious code in venv-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9af11c23295a9a592b6fd62d62490669a752ab6dc6c0b755ebd068ec6371375f Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
MAL-2026-3803 Malicious code in venv-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9af11c23295a9a592b6fd62d62490669a752ab6dc6c0b755ebd068ec6371375f Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
GHSA-FM77-94QM-4894 Crabbox: environment variable exposure vulnerability
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...
EUVD-2026-30418
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...
MAL-2026-3698 Malicious code in trickery (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ad5df28c8d5f5afa377d6b54a7eac1d3110610783c7e62fbd084a0bd49baac5 Package contains code to install a backdoor - and additionally to a user-controlled backdoor, it also installs the second, with own C2 server. It's not...
MAL-2026-3777 Malicious code in vue-template-compiler-plugin (npm)
Full C2 implant disguised as vue-template-compiler fork. postinstall-run.cjs loads tooling-bootstrap.cjs which contains base64-encoded C2 agent. Decoded payload: registers victim hostname, username, OS to Cloudflare tunnel C2 at maiden-apply-looks-education.trycloudflare.com, beacons for tasks,...
Malicious code in openai-spellcheckers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-3638 Malicious code in openai-spellcheckers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 195e6ac284c1a3e97b7683250a5514ed89d903819d2a3c97987782d4725e0e9f Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in ai-spellcheckers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 205425d7a8407b8bed958a99660e2ec74e21f9b0e1427659529636347333c5c9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Malicious code in openai-spellchecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...
MAL-2026-3429 Malicious code in openai-spellchecker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...
Malicious code in test-py-conn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker load code from a PYC file which then connects to pre-define...
MAL-2026-3356 Malicious code in test-py-conn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker load code from a PYC file which then connects to pre-define...