99 matches found
MAL-2026-4273 Malicious code in git-config-sync (PyPI)
Source: amazon-inspector (8e49db03099f1d6053a9ebada346c3816399bc47918c92d765162128a095c401). On import gitconfigsync, the package's core.py spawns a daemon thread after a 3-15 second random delay that walks /.ssh, /.aws, /.ethereum, /.config,...
Astra Linux - vulnerability in derby
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...
PT-2026-5123
Microsoft has issued an emergency patch for a zero-day vulnerability CVE-2021-21509 in Office, allowing attackers to bypass OLE mitigations and execute malware. CISA has included the flaw in their KEV catalog. Microsoft Office SecurityPatch ZeroDayVulnerability https://t.co/WMeToNOuIK...
CVE-2011-0639
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...
CVE-2025-65829
The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...
CVE-2025-12507
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed...
EUVD-2011-0656
Malware in sbrugna...
EUVD-2020-26705
Malware in sbrugna...
EUVD-2021-15857
Malware in sbrugna...
EUVD-2015-8846
Malware in sbrugna...
EUVD-2015-8845
Malware in sbrugna...
EUVD-2020-26708
Malware in sbrugna...
Improper Warning Message Handling
@anthropic-ai/claude-code is vulnerable to improper warning message handling. The vulnerability is due to an unclear trust prompt that failed to inform users that selecting “Yes, proceed” would execute files in the folder without further confirmation, which allows an attacker to trick users into...
EUVD-2022-5546
Malicious code in bioql (PyPI)...
EUVD-2024-27372
Malicious code in bioql (PyPI)...
EUVD-2022-44854
Malicious code in bioql (PyPI)...
EUVD-2023-3026
Malicious code in bioql (PyPI)...
Malicious code in gradio-videotimeline (PyPI)
Source: kam193 (4c60699afd7e95b0d638703849ef060a53327d2aa47f98909ced4e7327ffea3c). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
CVE-2025-56383
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...
CVE-2025-56383
Notepad++ DLL Hijacking (CVE-2025-56383) affects Notepad++ v8.8.3 and earlier. The vulnerability allows replacing a legitimate DLL (e.g., NppExport.dll) in the plugin directory with a malicious one, enabling arbitrary code execution with the user’s privileges. Exploitation is local and relies on ...