13250 matches found
MAL-2025-192683 Malicious code in ai-cypher (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5484d32cf20d26ce1585cb1cf90d2ed28c9cf9ccdcf038976a5cec33dd939e4d The compiled native extension hides the code that during import exfiltrates sensitive Telegram files. --- Category: MALICIOUS - The campaign has clearly...
OPENSUSE-SU-2025:15838-1 python311-tornado6-6.5.4-1.1 on GA media
These are all security issues fixed in the python311-tornado6-6.5.4-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2025-204617
Malicious code in system-health-check-test-unique PyPI...
EUVD-2025-204525
Malicious code in connections-api-hidden-runner PyPI...
EUVD-2025-204526
Malicious code in hidden-powershell-runner-ax7 PyPI...
Malicious code in hidden-powershell-runner-ax7 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5785c01837ec1727b89125cf1a3fec3ad941c4ff0b1246d8d16fec1dff53223a Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2025-192659 Malicious code in hidden-powershell-runner-ax7 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5785c01837ec1727b89125cf1a3fec3ad941c4ff0b1246d8d16fec1dff53223a Importing the module downloads and starts remote executable identified as malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
EUVD-2025-204391
Malicious code in f5rest PyPI...
MAL-2025-192609 Malicious code in f5rest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f8084e3c4c369a7dc22b67657aa22f3faf8e9b98df2721c9ff4e4c17d36fe028 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-204392
Malicious code in f5-logger PyPI...
Malicious code in f5-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-192608 Malicious code in f5-logger (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc7c52cb0573811c8391ab93a1a04c99826ebc3fffb98aa82cfe8deb4e58fc1d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-204393
Malicious code in bigip PyPI...
Malicious code in bigip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 87f7e50e3df233ffefcde85171a87ec41d45bbb3d3fb7fbc6da742e9e95b6bb1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-203913
Malicious code in trondec PyPI...
AZL-72739 CVE-2025-68146 affecting package python-filelock for versions less than 3.20.1-1
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
EUVD-2025-203387
Malicious code in smtblib PyPI...
aleksis (>=2022.6.0.post0 <=2023.6.1), aleksis-app-alsijil (>=2.0.0 <=3.0.1) +97 more potentially affected by CVE-2025-65431 via django-allauth (>=0.24.1 <=65.12.1)
django-allauth PYPI version =0.24.1, =2022.6.0.post0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =1.0.0.dev0, =0.1.0, =2.0.0, =2.0.0, =0.1.0, =2.0.0, =1.0.0, =0.1.1, =2.0.0.dev0, =2.0.0.dev2 and more Source cves: CVE-2025-65431 Source advisory: OSV:PYSEC-2025-111...
openSUSE Security Advisory (SUSE-SU-2025:4389-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2025-202700
Malicious code in yzip PyPI...