CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9ba7e438828f3bcacd252bc54f00732b129fe6fc8f6a9909d964720ac1e6420 Setup.py contains a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-02-mirage-rce Reasons...

7.5AI score

Exploits0References1

OSV•added 2025/03/02 5:5 p.m.•5 views

MAL-2025-2952 Malicious code in ctf-aio-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1641f444ea0056686d1421b67d63c1a6fd944999ed4dff175924de88f1d5182a Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...

7.3AI score

Exploits0References1

OSV•added 2025/02/26 3:15 p.m.•17 views

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

9.8CVSS6.8AI score0.01498EPSS

Exploits4References3

Cvelist•added 2025/02/26 2:51 p.m.•16 views

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

5.3CVSS0.01498EPSS

Exploits2References3

Vulnrichment•added 2025/02/26 2:51 p.m.•13 views

CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'

5.3CVSS6.4AI score0.01498EPSS

Exploits2References3

OSSF Malicious Packages•added 2025/02/25 6:18 p.m.•3 views

Malicious code in alicloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6366aa8c2eff918da0f1cc2118a026e749592f71bebbe81215877575b9593c6a This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score

Exploits0References4

OSSF Malicious Packages•added 2025/02/25 6:18 p.m.•3 views

Malicious code in amzclients-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7918a5aab99f521336ce5a17ca3b3dae77256011f91ed8dc22c4d9a38123f539 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score

Exploits0References4

OSSF Malicious Packages•added 2025/02/25 6:18 p.m.•3 views

Malicious code in enumer-iam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8062489d0fe9ae58c1937e4afba7f0f3adfbd507e07dd81bb9450bf7f58c6943 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score

Exploits0References4

OSSF Malicious Packages•added 2025/02/25 6:18 p.m.•3 views

Malicious code in time-server-analyzer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 95abdeda4b05cb93bb442d77d1b339498503b1fddb72e3579359f39c5952513b This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score

Exploits0References4

OSSF Malicious Packages•added 2025/02/25 6:18 p.m.•3 views

Malicious code in time-check-server-get (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25b39f6b89687636c8f9e90e3c326bcfb64ecbfa2594850247d4d2e9646b9257 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by