Lucene search
K

9169 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/26 5:10 a.m.8 views

Malicious code in atlassian-exp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 802483ac3ec3749092037040a0a50ed9fa329232a832ac15fd5a0c692c42a9fd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/25 3:5 p.m.5 views

Malicious code in hexcon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 191af8110082a90345db609c8f23d2313a5be68ec121742172f32cf3a1d5d905 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.9AI score
Exploits0References2
Nvidia
Nvidia
added 2025/11/25 12:0 a.m.16 views

Security Bulletin: NVIDIA NeMo Framework - November 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.1 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and pypi. Go to NVIDIA Product Security...

7.8CVSS7AI score0.00176EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/11/24 9:58 p.m.5 views

MAL-2025-191675 Malicious code in aiostreams (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a6bc4c2d12a8ad24e8844bea0287de82e1e6ab24b08fb1f5ac983c0906a655d9 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/24 6:34 a.m.5 views

MAL-2025-191940 Malicious code in zakuchienne (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6cab2f6ce1c1eec52747b1f7057550b9b35d3c4f6d8c04b51e37afd47c1e5625 Importing the module starts an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-mescouille...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/23 4:18 p.m.8 views

MAL-2025-191875 Malicious code in speed-testing-vps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 227b3ee25e084b57a160b7287f80a8ab8da0559184c81b5e9cae1d03941ca51b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

7AI score
Exploits0References2
OSV
OSV
added 2025/11/23 12:20 p.m.3 views

MAL-2025-191792 Malicious code in minizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33ba100525dffc7a828e4b7384f862ff22dfb55d2e7d61a34c0d31ecdff64c10 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2AI score
Exploits0References4
OSV
OSV
added 2025/11/22 3:22 p.m.6 views

MAL-2025-191805 Malicious code in nspacercesolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a8c6f18d1f22d3d0f0b9902a176d91fdfe33270faea47c835a0078955b85914 During installation, the package looks for a flag file and exfiltrates it. Similar content is in the main file. There is no other purpose of the package ---...

7.3AI score
Exploits0References1
OSV
OSV
added 2025/11/22 3:12 p.m.2 views

MAL-2025-191897 Malicious code in tgeffect (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e254217ac113edcc1914bdfcda06509137ceed6a7441b3c846653d769335bcaa Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them --- Category: MALICIOUS -...

7.1AI score
Exploits0References1
OSV
OSV
added 2025/11/18 11:47 p.m.2 views

MAL-2025-191686 Malicious code in aws-enumerateiam (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c108190780b32337fdce8748948935ac4229f0236710653f363b80a95dfbcd17 Before creating the boto3 client, package exfiltrates user's credentials. In this version, the exfiltrating is masked as connecting to an AWS component. The UR...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/16 9:33 p.m.7 views

Malicious code in perfviewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea912a2de677fa6d9ea6dbf9a792dace4d927efd46a5cb615ba8548fec4930e8 During installation, code downloads and starts an executable and a DLL library. After starting them, files are removed from the disk. The executable has been...

7.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/15 5:51 p.m.5 views

Malicious code in hexadecpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e553647ff67ec6e0339b5de8038f9522494a1200e0437156eee7674d5a29ef21 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.9AI score
Exploits0References2
OSV
OSV
added 2025/11/14 5:22 p.m.3 views

MAL-2025-191791 Malicious code in minemeld-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dfe7b8c00b3748b3fe38ffdf3bd69558abb58091ee3347d47003929976ceb457 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/14 7:58 a.m.5 views

Malicious code in hexadec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9d0ae8ccf24a6f5bfc3a0d5e39a983576d6edb2c64d9fe31fcb758236a4aa25 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

6.9AI score
Exploits0References2
OSV
OSV
added 2025/11/13 7:46 p.m.5 views

MAL-2025-191835 Malicious code in pylibcugraph (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b298ab8786b687f39d3ce25f6a69effd415c27b384fa23bc45c5fdf640448105 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 7:25 p.m.5 views

Malicious code in quicksort-pro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d58062fd8cad559810255c4386b2acbeda83096e2999ea1172b10d0d7af008cb Importing the module downloads and executes an executable with malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

7.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 11:24 p.m.5 views

Malicious code in morosint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2118ab70535d0272c108e5a454745ae83d10cd3421d5989984ab961b348367b5 Importing the module starts exfiltrating Discord tokens --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7AI score
Exploits0References1
OSV
OSV
added 2025/11/08 8:20 p.m.1 views

MAL-2025-191713 Malicious code in db-aggregator-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aed54ed734902c1a5749b7861e2ad95cc2d8c71c78fa4b0167499f9a1b296f9f Importing the module downloads and starts an infostealer. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7AI score
Exploits0References2
OSV
OSV
added 2025/11/06 8:44 a.m.7 views

MAL-2025-191929 Malicious code in wei516-enconly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e40931688b41ac8340ab8f27604ba32f1ea6e364df1e614343cbc4cf0df50e8 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

6.7AI score
Exploits0References1
OSV
OSV
added 2025/11/05 9:24 p.m.5 views

MAL-2025-191925 Malicious code in wayspiritmcp-ppa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efa23f0b46a88dcde4aa71c67cba31f46d0f8a9eef555daa0cbe4f2bd54d7a38 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

6.7AI score
Exploits0References1
Rows per page
Query Builder