MAL-2026-2572 Malicious code in hiveos-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-99 Malicious code in testingpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 577f9c1cdb7d3ef0e010cc9e292142a11f3a84a9f1ed42f238a920e7e9617b35 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

MAL-2026-53 Malicious code in gztensor-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6010189e23e54782200df770b6e40ed7e37284779c25f28cd145aadd9ee8b623 Package clones a legitimate library and adds a hidden code that downloads a malicious script. The script then downloads an archive with malicious executable in...

MAL-2025-192958 Malicious code in smtmlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e871336d0effe99cb62efeda3a287186e75c1bd4ca5770efd81718db8ababe4e Malicious copy of a standard library module that during class initialization downloads and executes remote code and after that attempts to cover its tracks by...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...

CVE-2014-1882

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated...

CVE-2014-1881

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler...

CVE-2014-1882

Affected software: Apache Cordova 3.3.0 and earlier; Adobe PhoneGap 2.9.0 and earlier. Root cause: An event-based bridge can be bypassed via a crafted library clone that uses IFRAME script execution to directly access bridge JavaScript objects, demonstrated by cordova.require calls. Impact: Remot...