17266 matches found
EUVD-2026-14990
sbt: Source dependency feature via crafted VCS URL leads to arbitrary code execution on Windows...
Linux Distros Unpatched Vulnerability : CVE-2026-33192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a...
GO-2026-4802 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel...
GO-2026-4777 Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju
Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju...
Malicious code in apply-hive-table (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...
MAL-2026-2112 Malicious code in apply-hive-table (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...
Malicious code in pyregions-snowflake (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
MAL-2026-2106 Malicious code in dmclc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in dmclc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in modelconftranslator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
MAL-2026-2108 Malicious code in modelconftranslator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...
Malicious code in financial-crimes-general-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...
Malicious Package
Overview shakti-pwa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Command Injection
MCP Watch is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to execSync in the cloneRepo method, which allows an attacker to append shell metacharacters to the URL and execute arbitrary commands on the host system...
CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training
Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...
Malicious code in tui-ascii-art (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4358458e150317ab394c6dd2d0137a8c395a32bae309cc1bfd829f123dab1393 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
MAL-2026-2113 Malicious code in gcpipwrap (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 af8d2f3dec668a16adf691aa26e16be82e62c2cdf993da1f4ff4afaceac30e92 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
MAL-2026-2115 Malicious code in nspack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7741f090145e1e4bbd7998edba9c8151bd5dd3380adaa430e8f05cb2c814396f These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-33068
Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...