Lucene search
K

93 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:23 p.m.12 views

Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:23 p.m.3 views

MAL-2026-6734 Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2ae9afcd7af22c82b137c1142ae643502d82f3d1f28712b2e5c7ec412bea85e horde-python-client 99999.0.0 is a dependency-confusion lure. On import hordepythonclient, a daemon thread unconditionally POSTs a JSON payload...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-289 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.02344EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 4:14 p.m.6 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.9AI score0.0068EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:39 a.m.14 views

Malicious code in coderzero (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...

5.5AI score
Exploits0References5
OSV
OSV
added 2026/05/27 7:35 p.m.3 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References3
CVE
CVE
added 2026/05/18 8:15 p.m.41 views

CVE-2026-8838

CVE-2026-8838 affects the amazon-redshift-python-driver prior to 2.1.14. The issue arises from unsafe use of Python’s eval() on server-received data in the vector_in() function, enabling a rogue server or man-in-the-middle actor to execute arbitrary code on the client. Affected component: amazon-...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References3
NVD
NVD
added 2026/04/23 2:16 a.m.4 views

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 6:56 a.m.8 views

MAL-2026-2186 Malicious code in vision-service-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 faa725015cfe04b49bbcf9f472d21a77993c7ca9692ad2b0912e9bd3d2554669 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/25 6:56 a.m.8 views

Malicious code in vision-service-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 faa725015cfe04b49bbcf9f472d21a77993c7ca9692ad2b0912e9bd3d2554669 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
OSV
OSV
added 2026/01/27 12:36 a.m.5 views

CVE-2026-24489 Gakido vulnerable to HTTP Header Injection (CRLF Injection)

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF Carriage Return Line Feed sequences in user-supplied header values and names. When making HTTP...

5.3CVSS6AI score0.0036EPSS
Exploits1References5
NCSC
NCSC
added 2026/01/13 7:17 p.m.72 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges to access sensitive data or execute code that the malicious party is not initially authorized to execute. For successful abuse, the malicious...

7.8CVSS7.1AI score0.00776EPSS
Exploits0
NVD
NVD
added 2026/01/13 7:16 p.m.12 views

CVE-2026-21226

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS0.00776EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/01/13 4:0 p.m.6 views

Azure Core shared client library for Python Remote Code Execution Vulnerability

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS7.4AI score0.00776EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.9 views

CVE-2022-33684

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or...

8.1CVSS6.9AI score0.00704EPSS
Exploits1References1
OSV
OSV
added 2025/12/13 6:30 p.m.6 views

GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5CVSS6.9AI score0.00223EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/13 6:30 p.m.9 views

Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

7.5CVSS7AI score0.00223EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/12/05 6:15 p.m.10 views

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +16246 more potentially affected by CVE-2025-66471 via urllib3 (>=1.10.2 <=2.5.0)

urllib3 PYPI version =1.10.2, =0.0.2, =0.3.0, =0.0.1a0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 - a-texam =1.1.0 - a16z =0.0.1 and more Source cves: CVE-2025-66471 Source advisory: OSV:GHSA-2XPW-W6GG-JR37...

8.9CVSS6.7AI score0.00633EPSS
Exploits0
Fedora
Fedora
added 2025/11/05 2:12 a.m.6 views

[SECURITY] Fedora 43 Update: openapi-python-client-0.26.2-4.fc43

The openapi-python-client is a powerful tool designed to generate modern Python clients from OpenAPI 3.0+ documents supporting both synchronous and asynchronous HTTP requests. It automates the creation of Python classes and methods that correspond to the endpoints and schema defined in your OpenA...

8.1CVSS6.9AI score0.00688EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/11/05 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-16b2da653e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References2
Rows per page
Query Builder