Malicious code in krisp-audio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1940a2f9c0907fd633cc07fcc96fad89f2e4c55cbd38d5fe8df09d1c4048c906 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-191643 Malicious code in krisp-audio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1940a2f9c0907fd633cc07fcc96fad89f2e4c55cbd38d5fe8df09d1c4048c906 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Krisp: SQL Injection + Insecure Deserialization leads to Remote Code Execution on https://krisp.ai

The tenweb-speed-optimizer WordPress plugin prior to version 2.12.22 was vulnerable to unauthenticated SQL injection in /wp-json/tenwebio/v2/compress-one, which could be exploited to gain remote code execution by chaining it with insecure deserialization...

Krisp: Log4j CVE-2021–44228

The researcher's canary token got DNS interaction, which raised a false sense of log4shell vulnerability. $hostName would be exfiltrated if any of the processing servers were vulnerable, but as seen in the video submitted by the researcher just a plain DNS resolving was made...

Krisp: [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit

Security researcher has found a race condition on one of our endpoints which was effectively bypassing maximum seats limit, We would like to thank @alp for reporting it responsibly to our bug bounty program ! I found a race condition issue at the /v2/seats endpoint. It allowed bypassing maximum...