Lucene search
K

9169 matches found

OSV
OSV
added 2025/03/02 5:5 p.m.3 views

MAL-2025-2973 Malicious code in marinff-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c25b081dd711bcb5076c5fbd0ea034850b8e428fed345d93e60036e0e91c9f66 Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...

7.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/02 5:5 p.m.4 views

Malicious code in marinff-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c25b081dd711bcb5076c5fbd0ea034850b8e428fed345d93e60036e0e91c9f66 Installing the package starts a reverse shell. The remote server is, however, set as a local IP, so it's most probably testing --- Category: PROBABLYPENTEST -...

7.5AI score
Exploits0References1
OSV
OSV
added 2025/03/01 3:16 p.m.8 views

MAL-2025-3454 Malicious code in piedefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f8a30e991bd97073c50a9cdabb10842f2c5ae074c46fcd0aeff5d7917d4b56fa setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

7.6AI score
Exploits0References4
PyPA
PyPA
added 2025/02/26 3:15 p.m.8 views

PYSEC-2025-18

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

5.3CVSS6.9AI score0.01498EPSS
Exploits2References3Affected Software1
The Hacker News
The Hacker News
added 2025/02/26 10:40 a.m.13 views

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index PyPI repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First publish...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.3 views

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in versions of picklescan prior to 0.0.21, which stems from not treating pip as an insecure global variable, which could lead to a malicious model introducing a malicious PyPI...

9.8CVSS8.7AI score0.01498EPSS
Exploits2References5
OSV
OSV
added 2025/02/25 8:53 p.m.4 views

MAL-2025-2969 Malicious code in kgmicolors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0d93708c54253e6772832d4aa1ef7f59e5f4f4c159d5ffaaa4045d8267b15b30 Package contains hidden code that downloads a next stage script, which finally downloads and starts a malware from XWORM family as well as an infostealer ---...

7.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.6 views

Malicious code in tcloud-python-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 221affa8a84428ae21f288ce299d114742d269e7bbcbf223a0aa666327fae2c4 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References6
OSV
OSV
added 2025/02/25 6:18 p.m.9 views

MAL-2025-2929 Malicious code in acloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4900ca27e14ecb6f022a740bd420fa046084355344379dd21a2b59c53d1c95f1 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.3 views

Malicious code in acloud-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4900ca27e14ecb6f022a740bd420fa046084355344379dd21a2b59c53d1c95f1 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.3 views

Malicious code in timekeeper-verifier (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a20fe9fed2445d097ddfd628d59e1b8149913aec4915c112cacfa9fb7cdfc6e This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.5 views

Malicious code in time-service-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 92ae5fc73fd7cc45d02ba02f6c3b667d155f681ba74262d66421edee5f19d237 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.5 views

Malicious code in credential-python-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6c6598ac9c321af3b0526ddceb5ffc6e78d593e0c3e6bdd259b06c0792705cc6 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/25 6:18 p.m.6 views

Malicious code in serverkeeper-verifier (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec235d314e175928f82504dade8d7f8313bc88707038976e5be6d78709b869 This campaign is built from two parts: 1 packages named like time-check-server, snapshot-photo contain an innocent-looking code that sends "date" to a remote...

7.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/24 10:6 a.m.7 views

Malicious code in transaction-analysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 49ab525dda997f7abc07f4ef30a62443e40a0f01e218b74d6db9b378fe51f2a4 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

7.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/24 10:6 a.m.4 views

Malicious code in coinanalyze (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f7faa2aef0e6f2b325d841b405418465db3f0dd601519861d70df45bb4d7adb5 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

7.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/24 10:6 a.m.5 views

Malicious code in coinanalysis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 786d19aeeea93da949996b447b05122b0750075cb98b943dcb27c0ea622521ea Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

7.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/24 10:6 a.m.6 views

Malicious code in coingenerator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78810d9638861bd92d3f96d7e29a552a41eb97b69b8deba84892cc7f458fb8c0 Package contains obfuscated code that exfiltrate basic data and awaits for commands from the remote server to execute them. This is a malicious copy of...

7.6AI score
Exploits0References1
OSV
OSV
added 2025/02/21 9:50 p.m.6 views

MAL-2025-3000 Malicious code in solders-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eff6c26674dd4f0408742c46785656c3a5d19ca0a87366a60534d37d5a54e687 The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook. Feedback...

6.8AI score
Exploits0References1
OSV
OSV
added 2025/02/18 8:50 p.m.5 views

MAL-2025-191869 Malicious code in sintok (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ac54e69b2c1c8f39c9a938ce34d0f0382a0185aa821e4d8e6eaeaac1c456ecb Importing the module starts Obfuscated code that downloads a well-recognized malware. In the further variations, the code that download and starts the maliciou...

7.2AI score
Exploits0References2
Rows per page
Query Builder