CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/10/15 8:25 p.m.•6 views

MAL-2025-191862 Malicious code in saintone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d762a42d55901a472c7070197cef989428ecb0140acfe02c72d719d74b430436 Code downloads and starts an executable widely recognized as malware, then sends some results to a Telegram webhook. --- Category: MALICIOUS - The campaign has...

OSSF Malicious Packages•added 2025/10/15 8:24 p.m.•4 views

Malicious code in md5-en (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c7608df27812e170abf1fa650287b87174700cd5a23658ae8d81317f7cd93dc Code downloads and starts an executable widely recognized as malware, then sends some results to a Telegram webhook. --- Category: MALICIOUS - The campaign has...

7AI score

OSV•added 2025/10/15 8:24 p.m.•2 views

MAL-2025-191649 Malicious code in md5-en (PyPI)

OSSF Malicious Packages•added 2025/10/14 9:40 a.m.•5 views

Malicious code in tosa-serialization-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5badd7c7414eb1f6fbdf1934b42ffe74549daa74508afd092af853097170eb8e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score

OSV•added 2025/10/14 9:40 a.m.•4 views

MAL-2025-191908 Malicious code in tosa-serialization-lib (PyPI)

7.2AI score

The Hacker News•added 2025/10/14 7:9 a.m.•5 views

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control C2 channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform...

6.7AI score

Exploits0

OSSF Malicious Packages•added 2025/10/13 7:46 a.m.•6 views

Malicious code in mcp-runcmd-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2e5608c421ba44a3a2e20b924bd3399d6452dba66e7aea10a0fcdc8044f5a996 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.6AI score

OSV•added 2025/10/13 7:46 a.m.•3 views

MAL-2025-191788 Malicious code in mcp-runcmd-server (PyPI)

7.5AI score

OSSF Malicious Packages•added 2025/10/10 7:24 p.m.•4 views

Malicious code in hexdec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b35c77c73cb594ed27985ac5e797ed54657a3301e976728e8fdf06dedb94e085 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

OSV•added 2025/10/10 7:24 p.m.•1 views

MAL-2025-191629 Malicious code in hexdec (PyPI)

6.8AI score

OSSF Malicious Packages•added 2025/10/10 4:27 p.m.•4 views

Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...

7.2AI score

Wolfi•added 2025/10/10 2:20 p.m.•4 views

CVE-2025-8291 vulnerabilities

Vulnerabilities for packages: python...

4.3CVSS6.7AI score0.00345EPSS

Exploits0

OSSF Malicious Packages•added 2025/10/10 10:5 a.m.•7 views

Malicious code in mcp-runcommand-server2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36fb61d44529c380f204d5a210017989695ef39df6adfce7ccfb08e48a17b594 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.6AI score

OSV•added 2025/10/10 10:5 a.m.•2 views

MAL-2025-191648 Malicious code in mcp-runcommand-server2 (PyPI)

7.5AI score

OSSF Malicious Packages•added 2025/10/10 10:5 a.m.•6 views

Malicious code in mcp-runcommand-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

7.6AI score

OSV•added 2025/10/10 10:5 a.m.•2 views

MAL-2025-191647 Malicious code in mcp-runcommand-server (PyPI)

7.5AI score

vulnersOsv•added 2025/10/08 5:51 p.m.•1 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2025-61672 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2025-61672 Source advisory: OSV:GHSA-FH66-FCV5-JJFR...

5.3CVSS5.8AI score0.0044EPSS

Exploits0

OSSF Malicious Packages•added 2025/10/08 12:45 p.m.•4 views

Malicious code in anothertestproject (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f9afc767fc8ba3416898082c5c16725f6006f89401be77366b8fdf487aeb51e5 Package contains a malicious executable and a function to start it. The executable is detected by AV and appears to be an infostealer --- Category: MALICIOUS -...

OSV•added 2025/10/08 12:45 p.m.•2 views

MAL-2025-191681 Malicious code in anothertestproject (PyPI)

6.8AI score