Malicious code in mflux-streamlit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27ef4c7f33e59dbe037d4b212286dd08cb7b1824c28c0032eb2d91db7a2b0174 Versions 0.0.3, 0.0.4 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

CVE-2020-37232

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

CVE-2020-37232

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...

CVE-2026-31251

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...

VIM Plugin Persistence

This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

GHSA-2G3W-CPC4-CHR4 PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

CVE-2026-40156

PraisonAI before 4.5.128 loads a file named tools.py from the CWD using importlib, executing module-level code without explicit consent, validation, or sandboxing. Merely having tools.py in the working directory triggers code execution, bypassing configuration references. This creates a local, im...

Python Supply-Chain Compromise

This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file litellminit.pth, 34,628 bytes which is automatically executed by the Python interpreter on every startup, without...

GHSA-42MX-VP8M-J7QH OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup

Summary OpenShell mirror mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real on shipped = 2026.3.28 - First stable tag...

LiteLLM 1.82.7 / 1.82.8 Supply Chain Compromise (GHSA-5mg7-485q-xm76)

The version of the LiteLLM Python package installed on the remote host is 1.82.7 or 1.82.8. These versions were published to PyPI by a threat actor known as TeamPCP using compromised maintainer credentials obtained through the Aqua Security Trivy supply chain attack. The malicious releases contai...

Embedded Malicious Code

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Embedded Malicious Code. Vulnerable releases of this package were compromised with malicious code that conceals a multi-stage credential stealer and persistent backdoor. A...

CVE-2026-25635

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows haven't tested on other OS's, this can lead to Remote Code Execution by writing a payload to the Startup...

CVE-2020-37037

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account...

CVE-2020-37058

Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup...

CVE-2020-37016

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

PT-2026-5290

BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will run with LocalSystem...

CVE-2020-36974

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would...

EUVD-2020-30875

Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would...

PT-2026-4783

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account...