10 matches found
MAL-2026-5302 Malicious code in nhmpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34db1950ee9bdf9c75ae9bb2436085bbb443107321d8d7056a0bf3b8fae36978 The package is published as 'nhmpy' on PyPI but its contents are a verbatim copy of NumPy 2.4.6: the same source tree, docstrings, and license files...
Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
MAL-2026-5280 Malicious code in bramin (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb2ac40fcb4626c5e7dea5e26951bc0965b39a1eb721c1a8f23846f421a5827 bramin ships a bramin-setup.pth file that Python auto-executes at every interpreter startup system-wide, not only when bramin is imported. The.pth...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Malicious code in xinference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...
CVE-2026-33340
LoLLMs WEBUI (lollms-webui) contains a critical SSRF in the /api/proxy endpoint (POST) that allows unauthenticated attackers to force the server to perform arbitrary GET requests. Root cause: server-side request execution via an unauthenticated endpoint; impact includes access to internal service...
MAL-2026-610 Malicious code in snapshot-date (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8e86008d35e5f11e68c465940563127cdc9ba1d4b2963f092914bf8e9ce2587b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
Malicious code in hellospa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 276fd70d8b56465c07e6a06281b93ef014fcab93ce00be738e645501713dbdda Package exfiltrates credentials, env variables and other sensitive data on running. Notably, exfiltrated cloud credentials were immediately checked from a remo...
MAL-2025-191903 Malicious code in time-server-analyzer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...
MAL-2025-191677 Malicious code in alicloud-client-sdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 59563b61e548ff83488a4940e0511825ebf1a2d0995c83e0056e07fd7a4bd782 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...