Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/17 9:35 p.m.5 views

Malicious code in dotenv-sync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1 On Windows, src/envsync/init.py lines 39-44 unconditionally calls ctypes.CDLL on a bundled 2.9MB PE file parser.pyd at top-level import, wrapped in...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/17 9:34 p.m.6 views

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8AI score
Exploits0References5
OSV
OSVadded 2026/06/17 9:34 p.m.6 views

MAL-2026-6081 Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/06/17 9:32 p.m.8 views

Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
OSV
OSVadded 2026/06/17 9:32 p.m.6 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9AI score
Exploits0References6
Github Security Blog
Github Security Blogadded 2026/06/12 6:30 p.m.8 views

Tornado has out-of-bounds memory access via C extension

Summary Tornado's optional native extension tornado.speedups implements websocketmask without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask unconditionally, even when Python passes a shorter byte string. This can read beyond the provided...

5.3AI score0.00027EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/21 1:10 a.m.6 views

Malicious code in ai-cypher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...

7.2AI score
Exploits0References2
OSV
OSVadded 2025/12/21 1:10 a.m.5 views

MAL-2025-192683 Malicious code in ai-cypher (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...

7.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/10 5:39 p.m.5 views

Malicious code in jsonschema-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

7AI score
Exploits0References2
OSV
OSVadded 2025/12/10 5:39 p.m.3 views

MAL-2025-192436 Malicious code in jsonschema-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

6.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/12/10 5:2 p.m.6 views

Malicious code in loguru-utf8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78 Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...

7AI score
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2013/07/16 12:0 a.m.35 views

Fedora 19 : ruby-2.0.0.247-14.fc19 (2013-12663)

Update to Ruby 2.0.0-p247 rhbz979605. - Fix RubyGems search paths when building gems with native extension. - Make symlinks for psych gem to ruby stdlib dirs. - Add support for ABRT autoloading. - Better support for build without configuration rhbz977941. - Use system-wide cert.pem. - Fixes...

6.8CVSS8AI score0.02767EPSS
Exploits0References8
Rows per page
Query Builder