Malicious code in testt-abc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96ed384307759dfae8ac9925fd7299430dbd8e7ff3bc2cb3123c2e9a141c0666 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2025-9644

A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/billsetup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-9599

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/monthsetup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The...

Privilege Escalation

github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the usersetup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...

Malicious code in w3shi-h1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 47a1a62947736a51ca9d7d239d8533828679c6e1597205b6316ee4a9af95a41a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in package-346234294 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2025-191807 Malicious code in package-346234294 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

CVE-2025-50124

A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script...

CVE-2025-50124

A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script...

CVE-2025-50124

A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script...

CVE-2025-50124

CVE-2025-50124 affects Schneider Electric EcoStruxure IT Data Center Expert (DCE) prior to version 9.0 (8.3 and earlier). The vulnerability stems from a Charon executable/configuration that can be abused by a low-privileged attacker to gain root privileges, enabling privilege escalation via local...

PT-2025-29225 · Apache · Apache Server

Name of the Vulnerable Software and Affected Versions: Apache Server affected versions not specified Description: An Improper Privilege Management issue exists that could allow privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a set...

Shr3dKit

This is a Red Team Tool Kit repository, specifically designed for penetration testing and red teaming activities. The tool kit is influenced by infosecn1nja's kit and includes a wide range of tools for reconnaissance, weaponization, and delivery. The repository contains a total size of 2.5+Gb and...

GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...

PT-2025-6196 · Mentor Graphics · Modelsim +1

Name of the Vulnerable Software and Affected Versions: ModelSim versions prior to V2025.1 Questa versions prior to V2025.1 Description: A vulnerability has been identified that allows an authenticated local attacker to inject arbitrary code and escalate privileges. This is possible because an...

Malicious code in bettercolorstesting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 607fc60886a9983c22c65cd01bb93585f27b0830f203f3b3b181ff12026ea036 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...

Malicious code in botoceor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8bf39054053dfe99fc83c836bb407659d11241cc09f2572a72524d980b9c5914 During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

MAL-2024-12359 Malicious code in test-packages1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c5608702af52a2ca19f0b384036f76248848f4b4ddbe582631d85b3f5e77dca Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in dependency00011124931 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8fa6dafeedc48e6511a70676806da412d047f7f235f471a29c98afb9931cbbf2 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in get-time-zzs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32b5c264a16b0327f601265edb8f3d69b915695ab82d184c724d5e79d32d3f11 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...