MAL-2026-1288 Malicious code in arnavtest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d77a638a8dbd52def0458fe1227c5dd5491bc8fedb0ae9e50f28eed74e4ef89d During installation, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in demozecosse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd7840785d53d90edc61c6138072f4ed7a01b35dd05d76d9d6f5343ec93bff7 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2026-1283 Malicious code in demozecob (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6e22f0d73fc85bdf6e0948da43079380af2a809146077afae2fd451315397e0 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in demozecox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b32c6e6d2566a58b9a104d162c060982bff488fa547fb706c43553d0b7185ccb Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in demozecosso (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

MAL-2026-1284 Malicious code in demozecosso (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ca3839025ccad67334436cff10b99fc2c407515ed2d9a4e146d11b253b356c8a Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Malicious code in xmrig-miner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3d760afc863697f46cbb6716644c1e7b7e937044ee10ce72b3bce7b549cdcc8 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in py-sysbench (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bcd34dcdc69398d2b97a0890cc550974824096b2844524f868505aa32032f147 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

MAL-2026-1280 Malicious code in py-sysbench (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bcd34dcdc69398d2b97a0890cc550974824096b2844524f868505aa32032f147 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in cpucheck (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c9d20d009145b270e9b9f2bb73540bb7484845f0cbe9c73f4cf20cc28f776c9 Importing the module starts a silent cryptocurrency mining in the background for a hardcoded wallet. --- Category: MALICIOUS - The campaign has clearly malicio...

flask_ssti_exploit

Tools for Exploiting SSTI Vulnerabilities under Flask Di...

Plasma

Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...

python311-nltk-3.9.3-1.1 on GA media (moderate)

python311-nltk-3.9.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10304-1 Rating: moderate Cross-References: CVE-2026-0847 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

openSUSE 16 Security Update : python-uv (openSUSE-SU-2026:20330-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20330-1 advisory. This update for python-uv fixes the following issue: - CVE-2025-13327: parsing differentials when processing specially crafted ZIP archives during packa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005912)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005912 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

CVE-2026-29186

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...

MAL-2026-1278 Malicious code in chat-xdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1f6d17089af4d8a0d8ab4b5ab9398a250b54d8d605c178080a7f275a6ab4687 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Denial Of Service (DoS)

Python-Markdown is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of malformed HTML-like sequences during Markdown parsing, where html.parser.HTMLParser may raise an unhandled AssertionError, allowing attacker-supplied Markdown input to crash the application...

2sio (>=0.1.0 <=0.1.5), 4mica-x402 (>=0.1.0 <=1.2.3) +44 more potentially affected by unknown CVE via x402 (=2.12.0)

x402 PYPI version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on x402 and may be impacted: - 2sio =0.1.0, =0.1.0, =0.2.0, =1.0.0, =0.3.14, =0.1.1, =0.5.4, =0.1.0, =0.1.0, =0.3.0, =0.3.5 - foldset =0.1.0 - foldset-django =0.1.0 and more Source...

GHSA-QR2G-P6Q7-W82M x402 SDK Security Advisory

Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...