13250 matches found
EUVD-2025-202304
Malicious code in ajenti-plugin-testing-pyld PyPI...
Malicious code in ajenti-plugin-testing-pyld (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f75e248c6b93183d9fb3295781e0ffda38ca1afa25cefb866205312f2a78cfd Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
EUVD-2025-201881
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
EUVD-2025-202181
Malicious code in bignum PyPI...
Malicious code in bignum (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...
MAL-2025-192391 Malicious code in bignum (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
EUVD-2025-201914
Malicious code in do-not-install-this-package-001 PyPI...
EUVD-2025-201907
Malicious code in telcoo PyPI...
Malicious code in telcoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
EUVD-2025-201908
Malicious code in graphsync PyPI...
EUVD-2025-201887
Malicious code in raft-dask PyPI...
CVE-2025-13428
CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...
CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
EUVD-2025-201857
Malicious code in sketchfab-spinner PyPI...
Malicious code in sketchfab-spinner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-192380 Malicious code in sketchfab-spinner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f004e2139080a087917f5cfc654423a3ed60ca232dd8a051955d6af9508b1a8f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Google SecOps SOAR Server 安全漏洞
Google SecOps SOAR Server is a security platform from Google, Inc USA. A security vulnerability exists in Google SecOps SOAR Server that stems from insufficient code validation of uploaded Python packages, which could lead to remote code execution...
PT-2025-49804
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
MAL-2025-192379 Malicious code in helloharry123p (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6e199ebf30ba4e39d4e6bd9fc4d31ffa9f0a7687e21f67e2e6e8c01e3f24717a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...