34 matches found
MAL-2026-6230 Malicious code in django-auth-middleware-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec On import, djangoauthmiddlewareplus/init.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environme...
MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import
Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...
EUVD-2026-36014
Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...
PT-2026-48415
Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...
OSEC-2026-03 opam install sandbox escape
Summary .install files do not validate whether they are inside the package area, and so can bypass sandboxing. Exploit In a package.install file, this installs a file as /.bashrc: bin: "payload.sh" "../../../.bashrc" Timeline - 2026-04-11: Anil forwarded the issue from Andrew Nesbitt to the OCaml...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
EUVD-2026-11643
Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite...
Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...
UBUNTU-CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...
PT-2026-25032
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorized keys and .bashrc. This...
Do Not Allow Hidden Executable Files
In Linux, the name of a hidden file starts with a dot .. Hidden executable files are not allowed in the system. Note that . and . are not hidden files. They refer to the current directory and upper-level directory, respectively. The .bashrc, .bashprofile, and .bashlogout files are script files us...
Malicious code in catme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
Malicious code in driftme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
MAL-2024-12230 Malicious code in catme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...
MAL-2024-12259 Malicious code in driftme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...