Malicious code in wei516-ppa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d5a85017b397970606b9d2d5150a6f6ee8f71fdbd810fe6b0a8f34c577d76d1 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

MAL-2025-191930 Malicious code in wei516-ppa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d5a85017b397970606b9d2d5150a6f6ee8f71fdbd810fe6b0a8f34c577d76d1 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

Malicious code in wayspiritmcp-ppa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efa23f0b46a88dcde4aa71c67cba31f46d0f8a9eef555daa0cbe4f2bd54d7a38 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

CVE-2025-58185

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

EUVD-2005-2200

Malware in sbrugna...

EUVD-2006-5150

Malware in sbrugna...

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

CVE-2025-0913

os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with OCREATE and OEXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

CVE-2024-45336

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however,...

Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

Vienna-based privacy non-profit noyb short for None Of Your Business has filed a complaint with the Austrian data protection authority DPA against Firefox maker Mozilla for enabling a new feature called Privacy-Preserving Attribution PPA without explicitly seeking users' consent. "Contrary to its...

CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVE-2023-39321

Processing an incomplete post-handshake message for a QUIC connection can cause a panic...

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVE-2022-41720

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

USN-4457-1: Software Properties vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacke...

CVE-2020-15709

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...

Code injection

Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1esm1, printed a PPA personal package archive description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways...