Malicious code in dlty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494f5fbab24a26771e84ce06eea5303b7d1b9135b505a6d93a01c417603f1902 Importing the dlty package triggers an active data-exfiltration channel from the installer to third-party-controlled infrastructure. dlty/init.py...

MAL-2026-3690 Malicious code in dlty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494f5fbab24a26771e84ce06eea5303b7d1b9135b505a6d93a01c417603f1902 Importing the dlty package triggers an active data-exfiltration channel from the installer to third-party-controlled infrastructure. dlty/init.py...

MAL-2026-3696 Malicious code in projz-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 196ea7ee7277857a29c8478e6908961bde9f28aa136c3e6ae68412ba4b67bff0 The package routes authentication-related calls through a hardcoded third-party HTTP endpoint and then unpickles the server's raw response, which is ...

MAL-2026-3695 Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

MAL-2026-3694 Malicious code in mymaldependency (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...

Malicious code in mymaldependency (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38372ffa2ec19cee68f769508d95ffb4f5c1878aeae058ce3e7a33b947d06cf1 MyMalDependencypackage/init.py executes on every import: it calls os.uname and os.getcwd, writes the results to./trans.txt in the installer's working...

Malicious code in dcchbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a The package performs multiple installer-hostile behaviors. 1 dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...

MAL-2026-3692 Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

Malicious code in guan (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e04a9a658bc7616e72a5edf276dd049e5b697f2492c46929caf2e01fac95d84 The top-level src/guan/init.py unconditionally calls statisticsofguanpackage on every import guan. That function in src/guan/others.py opens a raw TC...

DEBIAN-CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

UBUNTU-CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-42046 libcaca: Heap OOB write in canvas import functions caused by int overflow

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-42046 libcaca: Heap OOB write in canvas import functions caused by int overflow

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-42046

CVE-2026-42046 affects the libcaca library (canvas import function). An integer overflow in 0.99.beta20 and earlier allows a crafted file in the “caca” format to trigger a controlled heap out-of-bounds write, causing memory corruption and potentially remote code execution depending on build confi...

CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

EUVD-2026-29326

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...