29579 matches found
Malicious code in robase-installer (PyPI)
Source: kam193 1edd96cface7dcae9f445d94982ffc19a27e557fae7030e77e6e5646dfdd5c98 During installation, the package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Exploit for CVE-2026-39866
CVE-2026-39866 — Command Injection via unquoted workflow dispa...
GHSA-GM3X-23WP-HC2C vulnerabilities
Vulnerabilities for packages: traefik...
GHSA-QH6H-P6C9-FF54 vulnerabilities
Vulnerabilities for packages: py3-langchain...
GHSA-R6QV-FRPC-Q66C vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-VGPV-F759-9WX3 vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, ruby3.4-rails, kube-fluentd-operator, ruby4.0-rack, ruby3.2-rails, ruby3.4-rack, logstash, ruby3.2-rack...
GHSA-XV6W-GXJ8-V943 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-6R7G-3MM3-FHW7 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-326M-34V3-GV5P vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: victoriametrics, newrelic-infra-operator, dgraph, victoriametrics-cluster, aws-privateca-issuer, secrets-store-csi-driver-provider-aws, temporal, mountpoint-s3-csi-driver, mariadb-operator, dbmate, pluto, dkron, oras, local-path-provisioner,...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: xeol, gatekeeper, nri-redis, dbmate, harbor-scanner-trivy, podman, oras, kube-vip, tkn, cilium-certgen, clickhouse-operator, gh, azure-service-operator, kyverno, kubescape-operator, terraform-provider-azuread, spire-controller-manager, metrics-agent, nri-couchbase,...
GHSA-QH3H-3QGQ-CXV8 vulnerabilities
Vulnerabilities for packages: firefox...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...
GHSA-FVCV-3M26-PCQX
creationtimestamp | type | source
---|---|---
2026-04-10 21:24:33+00:00 | seen | Telegram/EoubZoYE34cwfOKYIK3rDqJUepVUHxboU2AFga2-YHkJtiw
2026-04-12 07:51:50+00:00 | seen | https://bsky.app/profile/azu.bsky.social/post/3mjbulrf7362m
2026-04-12 23:10:48+00:00 | seen | ...
GHSA-PHFX-PWWG-945V
creationtimestamp | type | source
---|---|---
2026-04-10 21:24:11+00:00 | seen | Telegram/FBFE1jRDxJPr8K8KBUfFYtlwI9wezi1OF7LpQ32tR7vo...
CVE-2026-40148
creationtimestamp | type | source
---|---|---
2026-04-10 19:26:21+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-f2h6-7xfr-xm8w...
Arbitrary Code Injection
Overview: praisonaiagents is a Praison AI agents package for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Arbitrary Code Injection in the executecodedirect function when the AST-based filtering mechanism fails to block dangerous attribute access...
CVE-2026-40115
creationtimestamp | type | source
---|---|---
2026-04-10 19:23:13+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-2xgv-5cv2-47vv...
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware...