CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

296 matches found

OSSF Malicious Packages•added 2026/06/11 6:39 a.m.•9 views

Malicious code in coderzero (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...

5.5AI score

Exploits0References5

OSV•added 2026/06/09 9:42 p.m.•8 views

MAL-2026-5489 Malicious code in bittensor-emission-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...

5.7AI score

Exploits0References2

OSSF Malicious Packages•added 2026/06/09 4:55 p.m.•11 views

Malicious code in tao-subnet-metrics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad Package advertises itself as a Bittensor TAO subnet burn-rate Telegram alert tool, but the compiled extension...

5.5AI score

Exploits0References2

OSSF Malicious Packages•added 2026/06/08 3:33 p.m.•8 views

Malicious code in bittensor-burn-alert (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e89dc9ff0a5d334b67a01c572c036b0740adf6d8669d2fa25c241a0c098116 The package advertises itself as a Bittensor subnet burn-rate monitor but bundles a covert clipboard surveillance daemon in its compiled core module...

5.7AI score

Exploits0References3

OSV•added 2026/06/08 10:41 a.m.•10 views

MAL-2026-5312 Malicious code in bt-burn-watch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94719a61950dd5cacc26b288c1fe8ef0d12f0e93720b4f1aa98cdf84ff148f0d Package advertises Bittensor subnet burn-rate monitoring but the compiled core module's own docstring describes itself as a 'clipboard logger +...

5.6AI score

Exploits0References2

OSV•added 2026/06/07 10:34 a.m.•10 views

MAL-2026-5293 Malicious code in clip-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0ee6244e4630a085f305c933f50283a232dda9e0d8e0ba3bab2bb880e53a736d The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard a...

5.6AI score

Exploits0References1

OSV•added 2026/05/19 5:4 p.m.•5 views

MAL-2026-4518 Malicious code in cheaty-sync-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b192c71c59ccca1d9cc720372bd29f39eae8b5da4d572cd1e8312d6b57d6b4 cheaty-sync-bot ships a clipboard-sync CLI that hardcodes a single Telegram bot token index.js:10 owned by the package author. There is no...

6.3AI score

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfcliprdrprovidedata passed the freed pDstData to XChangeProperty. This was because the cliprdr channel thread called xfcliprdrserverformatdataresponse, which converted and used the clipboard data without...

9.8CVSS5.8AI score0.00567EPSS

Exploits1References1

OSSF Malicious Packages•added 2026/04/17 10:53 a.m.•6 views

Malicious code in lixxyly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2AI score

Exploits0References1

OSV•added 2026/04/17 10:53 a.m.•1 views

MAL-2026-2841 Malicious code in lixxyly (PyPI)

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/17 10:52 a.m.•6 views

Malicious code in shelipp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c745f1c7897e6075520af7c8d838b496c8af8814810ba86dafd64d09b3d24b97 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2AI score

Exploits0References1

OSV•added 2026/04/17 10:52 a.m.•4 views

MAL-2026-2844 Malicious code in shelipp (PyPI)

6.2AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/17 10:50 a.m.•4 views

Malicious code in looopiw (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d2af7de30ed37363dcd3ac8e41e0ff2987d97ec742dd973a2f95158c6f0f185 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2AI score

Exploits0References1

OSV•added 2026/04/17 10:50 a.m.•3 views

MAL-2026-2842 Malicious code in looopiw (PyPI)

6.2AI score

Exploits0References1

OSV•added 2026/04/17 10:45 a.m.•3 views

MAL-2026-2839 Malicious code in sher-net (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f87dc8302df47889be1acee83b535b423d7f04e597ed61cca62dc2727f4d5d46 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2AI score

Exploits0References1

OSV•added 2026/03/21 10:53 p.m.•6 views

MAL-2026-2020 Malicious code in aiolrucache (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b847ab6789b3a3848d887f76adae74d05523dd4cb1a974372518679d27ed70e The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files,...

5.9AI score

Exploits0References1

OSV•added 2026/03/20 1:12 p.m.•3 views

MAL-2026-1999 Malicious code in cfgmgr-syn (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea20f8a566abc23f4b1d13543234fad04a3f791af173dd3dd3024bd93c3308c9 The code exfiltrates content copied to clipboard content to a hardcoded location. The code is obfuscated and has a persistence mechanism. --- Category: MALICIO...

5.9AI score

Exploits0References1

NVD•added 2026/02/25 9:16 p.m.•3 views

CVE-2026-25959

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfcliprdrprovidedata passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xfcliprdrserverformatdataresponse which converts and uses the clipboard data without holding any lock,...

9.8CVSS0.00567EPSS

Exploits1References9

OSV•added 2026/02/25 9:16 p.m.•2 views

UBUNTU-CVE-2026-25959

9.8CVSS5.8AI score0.00567EPSS

Exploits1References11