22 matches found
CVE-2026-5843
The CVE describes a vulnerability in Docker Model Runner (macOS) where the MLX-LM backend unconditionally imports and executes arbitrary Python files specified by model_file in a model's config.json via importlib, without a trust_remote_code gate or sandboxing. This enables container-to-host arbi...
PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validate_plugin_code is incomplete and can be bypassed using several Python constructs that are not checked. An...
GHSA-VP22-38M5-R39R PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validate_plugin_code is incomplete and can be bypassed using several Python constructs that are not checked. An...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
CVE-2024-48990 — needrestart Local Privilege Escalation Local...
EUVD-2024-27309
A Local File Inclusion (LFI) vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstallextension") route. This vulnerability allows attackers to inject a malicious name parameter, leading ...
PT-2026-5649
A Local File Inclusion (LFI) vulnerability exists in the '/reinstall extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post("/reinstall extension") route. This vulnerability allows attackers to inject a malicious name parameter, leadin...
Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling's assessment ctypes, importlib, runpy, code and multiprocessing were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...
GHSA-Q5QQ-MVFM-J35X Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling's assessment ctypes, importlib, runpy, code and multiprocessing were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...
EUVD-2025-32166
Malicious code in bioql PyPI...
Malicious code in importlib-resources (npm)
Source: ghsa-malware 1a22bec72f60bb7cc973586a56fe04d0278d14854c10f0e3ed7b88dc7dc556a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47886 Malicious code in importlib-resources (npm)
Source: ghsa-malware 1a22bec72f60bb7cc973586a56fe04d0278d14854c10f0e3ed7b88dc7dc556a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview importlib-metadata is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview importlib-resources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
PoC for CVE-2024-48990 in needrestart educational purpose...
Malicious code in importlib-resource (PyPI)
Source: kam193 0fd6066b0541bd12a7a24cd00cf0cebdc0d82832ae6ead0c90db2589bf50e152 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-10737 Malicious code in importlib-resource (PyPI)
Source: kam193 0fd6066b0541bd12a7a24cd00cf0cebdc0d82832ae6ead0c90db2589bf50e152 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in importlib-metadata (npm)
Source: ghsa-malware 35c1ba96ae1a4f623e6b2c175b5745b1a1eaa0c1c04c6022a3eb07c135d2dcdb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1624 Malicious code in importlib-metadate (PyPI)
Source: kam193 b6db8994d6a78a5d0d95df2d0add2257ee6188f8c5419cbd7e2813426739d15d --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: baidu-readver Reasons based on the campaign: - The package...
Malicious code in importlib-metadate (PyPI)
Source: kam193 b6db8994d6a78a5d0d95df2d0add2257ee6188f8c5419cbd7e2813426739d15d --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: baidu-readver Reasons based on the campaign: - The package...
PT-2023-36196 · Salt · Salt
Name of the Vulnerable Software and Affected Versions: salt versions prior to 3006.0 Description: The issue is related to several problems in the salt software, including collections Mapping issues, conflicts with dependencies, and failures due to the unavailability of the transactional update...