CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/09 4:53 p.m.•5 views

MAL-2026-5458 Malicious code in ultimate-ai-power (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90499eb8f54fcc67c067ef7d5397153b4abfc5bbca9d96e7deb291152f49ed3f On import ultimateaipower, the package's top-level init.py collects the local username getpass.getuser and resolved host IP socket.gethostbyname and...

5.7AI score

OSSF Malicious Packages•added 2026/06/05 7:6 p.m.•9 views

Malicious code in goodoltoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98a84d10e07878c98ffa21b3920940b10ffac4d3cdd66250c046391ea502aaff On pip install goodoltoulas, setup.py unconditionally invokes setuphelper, which downloads an opaque PE binary from an anonymous file-hosting service...

5.7AI score

OSSF Malicious Packages•added 2026/06/05 5:29 p.m.•9 views

Malicious code in goodoldtoulas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5414e9956c915ef34d422d9eba09177fb667bba375c43e9d9b54d4f87b628712 During pip install goodoldtoulas, setup.py invokes setuphelper which downloads main.exe from...

5.8AI score

OSV•added 2026/06/05 5:29 p.m.•5 views

MAL-2026-5271 Malicious code in goodoldtoulas (PyPI)

5.8AI score

OSSF Malicious Packages•added 2026/06/04 10:17 a.m.•10 views

Malicious code in hpe-glcp-automation-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 53256c57763ad4be286cf74bf0162b67413edc085338e3778ac9bc2afa1b4b93 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

OSV•added 2026/05/13 8:7 p.m.•3 views

MAL-2026-3705 Malicious code in math-array-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1b6411ce9c35210436bef6dadb284e5d89ec85c2cc17f970509aa4b5f30c2440 During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

OSSF Malicious Packages•added 2026/05/13 8:7 p.m.•7 views

Malicious code in math-array-tools (PyPI)

OSV•added 2026/05/13 8:4 p.m.•9 views

MAL-2026-3701 Malicious code in api-request-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c8e8b70ac4deca30691d583ac6891034222b7458bf5ba9e7b86cf5e6627d8abb During installation, package exfiltrates some basic info to a GitHub issue comment, and then attempt to set up a persistent infostealer focused on exfiltrating...

OSSF Malicious Packages•added 2026/04/27 5:24 a.m.•7 views

Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.5AI score

OSV•added 2026/04/26 3:49 p.m.•2 views

MAL-2026-3047 Malicious code in robase-gui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffbeda05758af4fb3c32de434df674102718336d499124f08b158271e4a08f7e During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

5.8AI score

OSV•added 2026/04/21 10:6 a.m.•6 views

MAL-2026-2964 Malicious code in buildenv-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed214a591cc269b484b5a0831e170e9db89aa33d168ab77c7826837495cd0f38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

OSV•added 2026/04/18 10:47 p.m.•4 views

MAL-2026-2860 Malicious code in mylib-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8cc746751844570c4d9de0acc1fc4aba45c1316434c664fc70711749720f88f1 During import, a remote executable is automatically started. During analysis, the executable only showed a basic message. It's likely experimenting with...

OSV•added 2026/04/17 7:49 a.m.•6 views

MAL-2026-2836 Malicious code in restasv3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b1f1a7427290168b0acaa2bd682cb33a9d3384eb9f0ea95d2bbd295152bfff7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

OSSF Malicious Packages•added 2026/04/11 8:26 p.m.•5 views

Malicious code in robase-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/03/30 4:6 p.m.•5 views

MAL-2026-2301 Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/03/29 12:15 p.m.•5 views

Malicious code in database-roblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bc72e398d8a27feaf630ecd5c3f852b452ad895a1e0a104abbc87da277e3bfc4 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSSF Malicious Packages•added 2026/03/28 8:16 p.m.•3 views

Malicious code in roboat-additions (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1af64a27f6bd87cbd380cb838d6c8c06696f9497c246fe348d5af1bbc17f6122 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

OSV•added 2026/03/25 5:4 a.m.•5 views

MAL-2026-2182 Malicious code in sonic-yang-mgmt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8013d6980c9ac5e595a47f3464594348804620b433495e07afadff081bc89913 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...