MAL-2026-934 Malicious code in telebot-infoe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4dadd8bb17144a1726c97ec0472de592532f72b8c57fdd87ce1364e43241832d The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2026-935 Malicious code in telebot-infoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a00053312897920b40040788f68a209b63c061000ec349ab3e705675bada499 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in telebot-infe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 590d96b39de125e4d96c7b88fdc57ef5257eddbf8277011e51c84e1500302aaf The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2026-930 Malicious code in telebot-info (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61aec9d37a402659928293fb6a151f72f9de1194a73a519f7e1595e5ed5b719b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

MAL-2026-898 Malicious code in magicwolf (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d4f256ccd65da42e297351fbc7c15d4f3b25789c362d0d3419d580c4e07bf34 The package is prepared to download a hardcoded executable and save it in %LOCALAPPDATA% under a very generic name, clearly aiming to hide its existence. Code ...

MAL-2025-193013 Malicious code in tablixs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 46731b2531e50115b70ae49abbd4bd1abb55f364a4cc2d8234c749f750883359 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

Malicious code in statssol (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 578ffe3c11af717c95f71893133a46e8e418742109d414583b3ccc5044fa3a99 On importing the module, a remote code is executed. At the moment of analysis, the remote URL did not return any valid script, presumably as the package was...

MAL-2026-738 Malicious code in tablescene (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75f24eaea6c977e93d35c431f9bedc66b7757fd5c5635425c28801dad3b50de9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in tablescene (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 75f24eaea6c977e93d35c431f9bedc66b7757fd5c5635425c28801dad3b50de9 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

EUVD-2026-5166

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVE-2025-61638

A flaw was found in MediaWiki. This vulnerability, identified as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages due to improper neutralization of input during web page generation. When a user views an affected page, the malicious code can execute in...

CVE-2025-61636

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting XSS, occurs due to improper handling of user-supplied input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, potentially leading to information disclosur...

Malicious code in tabulapys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f43be05d02e16c7d381e105a4eae9a2701039d29435e6d83cb982f607bda623d Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

Malicious code in tableapys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2aff2faef3705b6233a6df3d6b39f4f9b88ff522aa7c343cd8d36eb1a40405d6 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

CVE-2025-61642

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, also known as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages viewed by other users. This can lead to information disclosure or other client-side attacks...

CVE-2025-6594

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, commonly known as Cross-site Scripting XSS, allows a remote attacker to inject malicious scripts into web pages. This can lead to information disclosure, session hijacking, or arbitrary code execution...

MAL-2026-650 Malicious code in tableapy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7adeff5bc226723e8e3241a36596e3e99094553770deda5e89ac8caf7c0e0f01 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...