5453 matches found

OSV
added 2026/04/20 8:39 a.m., 4 views

MAL-2026-2948 Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key is based on the local environment variable. Given leaving a...

5.7 AI score
Exploits 0, References 1

Positive Technologies
added 2026/04/20 12:0 a.m., 6 views

PT-2026-33785

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

7.1 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/04/17 7:27 p.m., 4 views

CVE-2026-32105

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3 CVSS, 5.6 AI score, 0.00174 EPSS
Exploits 0, References 3, Affected Software 1

OSSF Malicious Packages
added 2026/04/17 8:6 a.m., 7 views

Malicious code in solanakit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...

5.8 AI score
Exploits 0, References 6

OSV
added 2026/04/17 8:6 a.m., 4 views

MAL-2026-2837 Malicious code in solanakit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93 During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency e.g., through the autostart registry key...

5.8 AI score
Exploits 0, References 6

GithubExploit
added 2026/04/17 12:51 a.m., 106 views

Exploit for CVE-2026-29000

CVE-2026-29000: Proof of Concept (PoC) for pac4j-jwt Auth Bypa...

9.3 CVSS, 6.8 AI score, 0.05856 EPSS
Exploits 17

CNNVD
added 2026/04/17 12:0 a.m., 8 views

xrdp security vulnerability

xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp 0.10.5 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the message authentication code signature for encrypted RDP packets when the classic R...

9.3 CVSS, 5.9 AI score, 0.00174 EPSS
Exploits 0, References 2

OSSF Malicious Packages
added 2026/04/16 9:15 p.m., 10 views

Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

5.8 AI score
Exploits 0, References 6

OSV
added 2026/04/16 9:15 p.m., 4 views

MAL-2026-2820 Malicious code in chainutils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 149995e4a1c4d289fa58be2adcab4095dca7c429097ad6735afef8270e7e4cb3 During import, package triggers malicious code. First, it ensures persistency e.g., through the autostart registry key. Then, based on the encrypted config, an...

5.8 AI score
Exploits 0, References 6

OSV
added 2026/04/16 5:48 p.m., 2 views

MAL-2026-2819 Malicious code in pynosist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef7a4db1443361fe93b268c7ad8f38c5c290d5334162b57c2b534c97acbc2b5d The campaign is built from a benign-like package (e.g. genosys) and the malicious dependency (e.g. pynosist). The dependency uses a PTH file to trigger malicious...

5.9 AI score
Exploits 0, References 6

OSSF Malicious Packages
added 2026/04/16 5:48 p.m., 6 views

Malicious code in genosys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package (e.g. genosys) and the malicious dependency (e.g. pynosist). The dependency uses a PTH file to trigger malicious...

5.9 AI score
Exploits 0, References 6

OSV
added 2026/04/16 5:48 p.m., 5 views

MAL-2026-2818 Malicious code in genosys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package (e.g. genosys) and the malicious dependency (e.g. pynosist). The dependency uses a PTH file to trigger malicious...

5.9 AI score
Exploits 0, References 6

RedHat Linux
added 2026/04/16 2:52 p.m., 6 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

7.5 CVSS, 5.8 AI score, 0.00787 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:52 p.m., 4 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

7.5 CVSS, 5.8 AI score, 0.00897 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:50 p.m., 4 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

7.5 CVSS, 5.8 AI score, 0.00787 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:48 p.m., 4 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

7.5 CVSS, 6.3 AI score, 0.00787 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:48 p.m., 5 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

7.5 CVSS, 6.2 AI score, 0.00897 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:46 p.m., 3 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

7.5 CVSS, 6.3 AI score, 0.00787 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:46 p.m., 4 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

7.5 CVSS, 6.2 AI score, 0.00897 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/04/16 2:19 p.m., 5 views

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service (DoS). This could make the affected system unavailable to legitimate users...

7.5 CVSS, 5.8 AI score, 0.00787 EPSS
Exploits 0, References 4