Malicious code in robustinfer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fd89ce9f166281f91029df8dc7595d23503a595a4baba85f1702ccf0b4e2b11 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2026-1103

Malicious code in pycolorom PyPI...

MAL-2026-96 Malicious code in pycolorom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6babcee81c12759b66be4c0a8ba33c3f0272b052a47fda31227f4a6087ba8e5b The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

Malicious code in auto-backup-linux (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6f1fce241db64e9804a2eee083721b8374a2f27d8f4f2c51ce77a8e7687c61e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

MAL-2026-924 Malicious code in auto-backup-macos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 64b97d3c3597539dc5a2cc2d81491eb2a0350011b3d80ef927546bc30701f924 Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

AZL-73520 CVE-2025-69224 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

AZL-73494 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

AZL-73517 CVE-2025-69223 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

EUVD-2026-0928

Malicious code in lium-io-gztensor PyPI...

Malicious code in lium-io-gztensor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f87521be2fb53979b969dc362d41bfcf6c9f860f8d6517a76889a81dedc06a1 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...

EUVD-2026-0929

Malicious code in lium-4-96 PyPI...

EUVD-2026-0930

Malicious code in async-substrate-interface-upgrade PyPI...

EUVD-2026-0931

Malicious code in celium-collateral-upgrade PyPI...

EUVD-2026-0926

Malicious code in gztensor-cli PyPI...

EUVD-2026-0941

Malicious code in pyrogrom PyPI...

EUVD-2026-0790

Malicious code in aiihttp PyPI...

EUVD-2026-0791

Malicious code in aoohttp PyPI...

Malicious code in aoohttp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d3438b2d065c0535b5ac80ce789201be4f8095642d0f10a20a7da13d46152f8 Obfuscated code downloads an encrypted binary blob, which is malware finally starting cryptomining. After starting the malware, the Python package uninstall...

EUVD-2026-0792

Malicious code in auohttp PyPI...

EUVD-2026-0793

Malicious code in aiohtto PyPI...