Malicious code in thisismytestnouser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2f082ee09bfe98c91c243abc15967cbc6fdc7731d6e9657669853e0f148f7dd During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...

MAL-2026-2290 Malicious code in iwantsafecheckit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c982c88e841ae349f894f45b27e07f7154a252963ec05ff8e9536f46102e6ecf During installation the package downloads and installs two executables identified as backdoors trojans. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-2255 Malicious code in thisismytest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...

EUVD-2026-14949

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

CVE-2026-1995

CVE-2026-1995 – IDrive for Windows privilege escalation : The id_service.exe process runs with SYSTEM privileges and reads UTF-16LE files under C:\ProgramData\IDrive. Any standard user can edit these files, enabling an attacker to overwrite or point the file contents to an arbitrary executable. T...

CVE-2025-11571

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

Malicious code in pyregions-snowflake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

MAL-2026-2109 Malicious code in pyregions-snowflake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4c3a6759d779c0fe3ffac5559aa5f8915f72cab6bce545e1fe261f3caab47a65 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

Malicious code in dmclc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 895439e6afba407fb85d315e2c99f0d1434905a1ee72b172e62d55abbb8c93a3 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

Malicious code in modelconftranslator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

MAL-2026-2108 Malicious code in modelconftranslator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f61fcbf30122cbf577490fab3968c6b41f95d4d23f6916a7211066bd735ff6e During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments - in older packages - attempts to...

CVE-2026-32989

Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations,...

EUVD-2016-10805

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2016-20024

The CVE-2016-20024 issue affects ZKTeco ZKTime.Net product lines, notably 3.0.1.6 (and related versions 3.0.1.5/3.0.1.1 per sources). The root cause is insecure file permissions: world-writable rights on the ZKTimeNet3.0 directory and its contents allow unprivileged users to replace executable fi...

CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

CVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

Malicious code in spark-ml-utilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c1db0bd2243007553e09eff3018d49b00dbdf3a5183d364225d32f80f7b773f During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

MAL-2026-1224 Malicious code in spark-ml-utilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c1db0bd2243007553e09eff3018d49b00dbdf3a5183d364225d32f80f7b773f During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

Malicious code in risk-utilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 22f9a9b921e53b4755c41241969fcc8b410b09f29a63ed9c23c5a19c966b4946 During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...