8 matches found
MAL-2026-2555 Malicious code in api-feature (PyPI)
Source: kam193 c86a3079da8157aef32d5d4c4f2420239981a142fc1150eb0ac2e695be2779e9 During installation, the package downloads and runs a malicious executable. Likely a continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
EUVD-2021-17402
Malware in sbrugna...
EUVD-2023-34359
Malicious code in bioql PyPI...
EUVD-2021-6694
Malicious code in bioql PyPI...
Path traversal
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverag...
Buffer overflow
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
Ubiquiti Inc.: Privilege Escalation using API->Feature
In EdgeOS version 1.9.1.1 and prior, as a consequence of the lack of validation on the input of the Feature functionality, an attacker with access to an operator read-only account and an SSH connection to the devices can escalate privileges to admin root access in the system. The EdgeRouter X firmware...
Fedora 23 : rolekit-0.4.0-4.rc1.fc23 (2015-14897)
rolekit-0.4.0-3.rc1.fc23 - Added support for installing roles through kickstart - Added support for providing setting values through stdin - Enabled deploying Domain Controller and Database Server with no mandatory options - New API feature: sanitize which will remove sensitive information from t...