964 matches found
EUVD-2021-28193
Malicious code in bioql PyPI...
EUVD-2023-31806
Malicious code in bioql PyPI...
EUVD-2023-0263
Malicious code in bioql PyPI...
EUVD-2022-26888
Malicious code in bioql PyPI...
EUVD-2023-52186
Malicious code in bioql PyPI...
Fedora 43 : python-pip (2025-b108c70b29)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b108c70b29 advisory. Security fix for the bundled urllib3 for CVE-2025-50181, rc3 bytecode rebuild. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2025-59042
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
SUSE CVE-2025-59042
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
GHSA-P2XP-XX3R-MFFC PyInstaller has local privilege escalation vulnerability
Impact Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...
Linux Distros Unpatched Vulnerability : CVE-2017-14749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
CVE-2025-59042
CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
PT-2025-36997
Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0 Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...
Linux Distros Unpatched Vulnerability : CVE-2021-41041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a...
Linux Distros Unpatched Vulnerability : CVE-2021-32495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause...
Bytecode Alliance Wasmtime Security Vulnerability
Bytecode Alliance Wasmtime is a standalone WebAssembly and WASI-only wasm optimization software open-sourced by Bytecode Alliance. A security vulnerability exists in Bytecode Alliance Wasmtime versions prior to 24.0.4, 33.0.2, and 34.0.2, which stems from a WASIp1 implementation flaw that could...
Decompiling Smart Contracts with a Large Language Model
The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78,047,845 smart contracts deployed on Ethereum as of May 26, 2025, a mere 767,520 (1%) are open source, presents a severe impediment to blockchain security. This opacity necessitates the...
PhishingHook: Catching Phishing Ethereum Smart Contracts Leveraging EVM Opcodes
The Ethereum Virtual Machine (EVM) is a decentralized computing engine. It enables the Ethereum blockchain to execute smart contracts and decentralized applications (dApps). The increasing adoption of Ethereum sparked the rise of phishing activities. Phishing attacks often target users through...
Insecurity through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts
Most blockchains cannot hide the binary code of programs (i.e., smart contracts) running on them. To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and employ layers of obfuscation. However, we demonstrate that such obfuscation can obscur...