EUVD-2026-2661

Malicious code in solana-program PyPI...

MAL-2026-252 Malicious code in solana-program (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b7f4afe6d0bf016660b9bcd20e900d4d0504af8c3ac7f7dc69f20229ebcddb21 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2026-2662

Malicious code in soupclaw PyPI...

EUVD-2026-2663

Malicious code in transitive-req PyPI...

MAL-2026-250 Malicious code in transitive-req (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7b45680b49152176403af486a0af997c20d1eaa8179a69b8e5c3ee65a41e35a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in transitive-req (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7b45680b49152176403af486a0af997c20d1eaa8179a69b8e5c3ee65a41e35a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1099)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 3 : python-2.4.3-46.2.0.1.AXS3 (AXSA:2012-569:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-569:02 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules,...

MiracleLinux 3 : python-2.4.3-24.6.1AXS3 (AXSA:2009-367:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-367:02 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules,...

MiracleLinux 3 : python-2.4.3-44.0.1.AXS3 (AXSA:2011-183:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-183:01 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules,...

EUVD-2026-2402

Malicious code in dify-api PyPI...

Malicious code in dify-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

GuardDog 路径遍历漏洞

GuardDog is a CLI tool in GuardDog open source that allows identifying malicious PyPI packages. A path traversal vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the presence of path traversal in the safeextract function, which could lead to arbitrary file overwriting an...

MiracleLinux 8 : python3-3.6.8-70.el8_10.ML.1 (AXSA:2025-10427:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10427:02 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

MiracleLinux 9 : python3.12-3.12.5-2.el9_5.3 (AXSA:2025-9842:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9842:01 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block direct...

MiracleLinux 9 : python3.12-3.12.9-1.el9 (AXSA:2025-10388:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10388:05 advisory. python: cpython: URL parser allowed square brackets in domain names CVE-2025-0938 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.12-3.12.9-1.el9_6.2 (AXSA:2025-10825:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10825:11 advisory. cpython: Cpython infinite loop when parsing a tarfile CVE-2025-8194 Tenable has extracted the preceding description block directly from the MiracleLinux...

3m (>=0.1.0 <=0.1.3), aap-llamaindex (>=0.1.1.dev1 <=0.2.0) +347 more potentially affected by CVE-2024-14021 via llama-index (>=0.10.0 <=0.9.48)

llama-index PYPI version =0.10.0, =0.1.0, =0.1.1.dev1, =0.1.8, =0.0.2, =1.4.3, =0.1.0a0.dev0, =0.2.0a0, =0.1.0, =0.1.0a1, =0.0.1, =1.1.0, =3.0.0, =3.1.14 and more Source cves: CVE-2024-14021 Source advisory: SNYK:PYTHON-LLAMAINDEX-14917171...

3m (>=0.1.0 <=0.1.3), aap-llamaindex (>=0.1.1.dev1 <=0.2.0) +347 more potentially affected by CVE-2024-58339 via llama-index (>=0.10.0 <=0.9.48)

llama-index PYPI version =0.10.0, =0.1.0, =0.1.1.dev1, =0.1.8, =0.0.2, =1.4.3, =0.1.0a0.dev0, =0.2.0a0, =0.1.0, =0.1.0a1, =0.0.1, =1.1.0, =3.0.0, =3.1.14 and more Source cves: CVE-2024-58339 Source advisory: SNYK:PYTHON-LLAMAINDEX-14917160...

MAL-2026-237 Malicious code in formater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71f6a751b5ff98dceeee5863086a2d9988640b93d96ccef9d50fb0d0d1dd116c During importing the package automatically downloads a script that uses a Telegram bot to perform remote control over the computer --- Category: MALICIOUS - Th...