7735 matches found
Malicious code in pymnemonic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 459bd254a36d9b8c78d96285e0c0aedb285b08f22900e022ea67988f3cb98e92 Malicious clone of the legitimate python-utils package, disguised as a crypto-related helper. The malicious code modification exfiltrates sensitive env variabl...
MAL-2026-1438 Malicious code in pymnemonic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 459bd254a36d9b8c78d96285e0c0aedb285b08f22900e022ea67988f3cb98e92 Malicious clone of the legitimate python-utils package, disguised as a crypto-related helper. The malicious code modification exfiltrates sensitive env variabl...
Malicious code in do-not-install-this-package-004 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 155862095ddb7d3410298aef76abdda3e7eeaf5609b72f97c30790c317b8d1cb During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2026-1436 Malicious code in do-not-install-this-package-004 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 155862095ddb7d3410298aef76abdda3e7eeaf5609b72f97c30790c317b8d1cb During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
OESA-2026-1592 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
EUVD-2026-11716
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL...