CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/04/28 4:14 p.m.•6 views

Malicious code in genmedia-izumi-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6afd24d0d974a2b6b82c9aa120945d1c531a3ea17e81bbdf526890f2f0e18905 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/04/28 4:14 p.m.•2 views

MAL-2026-3130 Malicious code in genmedia-izumi-agent (PyPI)

OSV•added 2026/04/28 8:25 a.m.•5 views

MAL-2026-3127 Malicious code in coloreasyprint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d52af876a91a6ff5ff8144b705201fd465db94ad89f0e1b37bd22fe6ca0f5622 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...

5.8AI score

Packet Storm News•added 2026/04/28 12:0 a.m.•20 views

EDySec: A Deep Learning-Based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditional Machine Learning ML detectors struggle to detect these...

OSV•added 2026/04/28 12:0 a.m.•3 views

Exploits0

OPENSUSE-SU-2026:10648-1 python315-3.15.0~a8-3.1 on GA media

These are all security issues fixed in the python315-3.15.0a8-3.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.2AI score0.00517EPSS

Exploits1References5

Tenable Nessus•added 2026/04/28 12:0 a.m.•4 views

Oracle Linux 6 : python (ELSA-2026-6007)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6007 advisory. - Fix CVE-2025-15366 and CVE-2025-15367 Orabug: 39141391 Tenable has extracted the preceding description block directly from the Oracle Linux security...

5.9CVSS7.4AI score0.00315EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/04/27 9:21 p.m.•7 views

Malicious code in mypypipkg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a94a9bbd6a292f754fedd6ae737eaf5259925cf382a610c9d63e9d210a3f3677 When running as a module, the package starts a VSCode tunnel and exfiltrates the connection link to the hardcoded target. This lets the attacker connect the...

OSV•added 2026/04/27 4:31 p.m.•2 views

MAL-2026-3100 Malicious code in fetch-data-api-syncapi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 dda63ba0d0dbd4ddf1d89523cacf89d51ffc9a25891e38cb49a9e424721fba9d The package contains code to download and start a malicious executable. It's masqueraded using name similar to Windows services. In analyzed versions, the code...

Github Security Blog•added 2026/04/27 3:30 p.m.•5 views

Exploits0References4

pip Vulnerable to Inclusion of Functionality from Untrusted Control Sphere

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.3CVSS5.8AI score0.00138EPSS

Exploits0References6Affected Software1

UbuntuCve•added 2026/04/27 3:16 p.m.•2 views

CVE-2026-6357

5.3CVSS5.8AI score0.00138EPSS

EUVD•added 2026/04/27 2:19 p.m.•3 views

EUVD-2026-25857

5.3CVSS5.3AI score0.00138EPSS

Cvelist•added 2026/04/27 2:19 p.m.•24 views

CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation

5.3CVSS0.00138EPSS

OSSF Malicious Packages•added 2026/04/27 5:24 a.m.•7 views

Malicious code in bytedaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fedb317c49dbeddcfa00503c821197919801ee034dd6713e6a1c45ea68ebd7dc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/04/27 5:24 a.m.•2 views

MAL-2026-3085 Malicious code in bytedaaa (PyPI)

OSSF Malicious Packages•added 2026/04/27 5:23 a.m.•4 views

Malicious code in bytedecs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 33034832d7823023eca4d7640030b040b26d4d5274e222bf294b7cf0be28430c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSV•added 2026/04/27 5:23 a.m.•3 views

MAL-2026-3090 Malicious code in bytedecs (PyPI)

OSSF Malicious Packages•added 2026/04/27 5:22 a.m.•4 views

Malicious code in bytedark (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b1b29d53129e34fa2f09eacd9218f1bf87711e4a88587ee9c5f4453cfb6974ac Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

OSSF Malicious Packages•added 2026/04/27 5:21 a.m.•7 views

Malicious code in bytedai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6453b603ad8bfd1ff4463c1bd86e1930757b08239ec949b01fbc95ca0c5486a6 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...