471 matches found
Malicious code in fretqrade (PyPI)
Source: checkmarx 6006c2d8bfe788dd4e9c483d3e8eb3eb6d5521c9197bf9fe463f31e878eb35d7 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in freqtraade (PyPI)
Source: checkmarx 8dee746d88c5636acacd53a078f650424bf8658c8bd173ec8a1ed3e3b2aedc28 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in reqtrade (PyPI)
Source: checkmarx 9eafd0ca4dd4d799f7fc2c72d39f61b3ea59fd355085c35889d3f640f62bb992 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in cccxt (PyPI)
Source: checkmarx bbf77e85143db2624a1691f94e6382f42d72ab92eec168499ba0ac0b1f0081d3 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in ccxxt (PyPI)
Source: checkmarx 2f0475928d01aa7735ccbbd11aea089aa02c703d8449177cd3e5d32636246059 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
NVIDIA Omniverse Kit Code Injection Vulnerability
The NVIDIA Omniverse Kit is a powerful toolkit from NVIDIA, Inc. for developers to build their own applications, microservices, or plug-ins for their ecosystems. A security vulnerability exists in NVIDIA Omniverse Kit. An attacker could exploit this vulnerability to craft a USD file containing...
CVE-2022-42268
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file th...
GuardDog Path Traversal Vulnerability
GuardDog is an open source CLI tool for identifying malicious PyPI packages. A path traversal vulnerability exists in GuardDog versions prior to v0.1.8, which stems from susceptibility to arbitrary file writes when scanning specially crafted remote PyPI packages, and the use of...
Microsoft VSCode Python Extension - Code Execution Exploit
VSCode Python Extension Code Execution: This repository contains the Proof-of-Concept of a code execution vulnerability discovered in the Visual Studio Code Python extension. TL;DR: VScode may use code from a virtualenv found in the project folders without asking the user, for things such as...
dia -- remote command execution vulnerability
Security Focus reports: An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-i...
CVE-2002-0131
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script...