Malicious code in thread-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d7de9849aa6d6194b8d6fdf574c6c56c3de7cb75ad338f2428fc7f1374e4280 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-810 Malicious code in thread-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2d7de9849aa6d6194b8d6fdf574c6c56c3de7cb75ad338f2428fc7f1374e4280 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in p7zip-full (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 af6725a21a64c36ce8e101fd062bb45cb87fdb8cb62df47538390c6c1fc4323c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-590 Malicious code in pytorch-mutex (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4959fc9ffb04b2e53d068fa3e6564a21dd3bd4b6374324416a643c3e58ebe330 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in solhint-plugin-hyperlane (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5f1d66ba0771661e6786da7d4953af3fc1ff1e280d1c666abd1e69e481274747 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration

Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...

BentoML has a Path Traversal via Bentofile Configuration

Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...

Directory Traversal

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields description, docker.setupscript, docker.dockerfiletemplate, and conda.environmentyml...

Malicious code in test-poc-package-for-session (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9f768feb5a11add4d0ac64d8f24777461d3586e719a57d4432711ee6aae4f112 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in test-poc-package-for-session-2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2026-446 Malicious code in code-transfering-4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f49b12f95d153280889b4da45b5de3017f21159ad06622092779705ad22e855c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2026-442 Malicious code in xadauiom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64051fbf2528075ff707f512002bce043db1a535723bd677e6fcde0f53f7cafa Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in medifile (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c005d95a9b1b91118e9306168ce69163190184714fe53c65b7ba716e867c8da Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-250 Malicious code in transitive-req (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7b45680b49152176403af486a0af997c20d1eaa8179a69b8e5c3ee65a41e35a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in accesspdp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 11c8d523da4caf20e4a8a37285ab51a94173b2270777bb074878fdec62dee115 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192947 Malicious code in crypo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a0850548e71807fb514fcd1943f55f7c3bd6408086ff7a495d7df628a083db9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in lanchain-openai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c312361541ed240dabd6df1f9cb9ed856a718dc8c8881f43bbacb429807e303 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in f5-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-192608 Malicious code in f5-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...