MAL-2025-191862 Malicious code in saintone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d762a42d55901a472c7070197cef989428ecb0140acfe02c72d719d74b430436 Code downloads and starts an executable widely recognized as malware, then sends some results to a Telegram webhook. --- Category: MALICIOUS - The campaign has...

Malicious code in saintone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d762a42d55901a472c7070197cef989428ecb0140acfe02c72d719d74b430436 Code downloads and starts an executable widely recognized as malware, then sends some results to a Telegram webhook. --- Category: MALICIOUS - The campaign has...

CVE-2025-62363

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the pathtoytdlp configuration setting. An attacker with write access to the configuration file or the filesyst...

CVE-2025-9068

A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File MSI repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This...

CVE-2025-9068

CVE-2025-9068 affects Rockwell Automation Driver Package x64 MSI repair functionality (installed with FTLinx). Authenticated Windows users can initiate a repair and hijack the console window for vbpinstall.exe, spawning a SYSTEM-level command prompt with full access to files, processes, and syste...

vim: Vim path traversial

A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive...

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application SEA feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...

CVE-2025-45095

Lavasoft Web Companion also known as Ad-Aware WebCompanion versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by...

CVE-2025-45095

Lavasoft Web Companion also known as Ad-Aware WebCompanion versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by...

Malicious code in anothertestproject (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9afc767fc8ba3416898082c5c16725f6006f89401be77366b8fdf487aeb51e5 Package contains a malicious executable and a function to start it. The executable is detected by AV and appears to be an infostealer --- Category: MALICIOUS -...

[SECURITY] Fedora 42 Update: civetweb-1.16-10.fc42

Civetweb is an easy to use, powerful, C C/C++ embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

GNU Binutils 缓冲区错误漏洞

GNU Binutils GNU Binary Utilities is a set of programming language utility programs developed by the American GNU community. The programs are primarily used to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A buff...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

EUVD-2020-18386

Malware in sbrugna...

EUVD-2021-26923

Malware in sbrugna...

EUVD-2020-18857

Malware in sbrugna...

EUVD-2020-28655

Malware in sbrugna...

EUVD-2020-4779

Malware in sbrugna...

EUVD-2005-3224

Malware in sbrugna...