EUVD-2025-205938

Malicious code in brolool4141412 PyPI...

Malicious code in broooxddd1414 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96d927b6bf59d0d5aeea78de6b99df11c32ad0e467da980917a16703d5a1c0d1 Package tests possible malicious actions during installation by starting notepad. There is no other functionality, it's clearly a test of possible malicious...

EUVD-2025-205939

Malicious code in broooxddd1414 PyPI...

EUVD-2025-205940

Malicious code in weorewfoi2393 PyPI...

EUVD-2025-205941

Malicious code in pyrogrem PyPI...

MAL-2025-192991 Malicious code in pyrogrem (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 42a10da9545ede038913b53b3619d36a94708a854536263f6a97c5d4d30a9b65 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...

EUVD-2025-205942

Malicious code in umap PyPI...

MAL-2025-192992 Malicious code in umap (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6dd42f96f818641d94fd4a2085dfd1071b6ce3fa44a3f05b785245ab4d1c886 Simple dependency confusion test. Versions before 0.1.2 do not perform any active action. The original umap package existed in the past, but was removed by the...

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +78 more potentially affected by CVE-2025-68131 via cbor2 (>=5.0.1 <=5.7.1)

cbor2 PYPI version =5.0.1, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-68131 Source advisory: SNYK:PYTHON-CBOR2-14742478...

ai-box-lib (>=0.1.0 <=0.1.9), aligned-py (>=0.1.0 <=0.2.0a0) +86 more potentially affected by CVE-2025-68131 via cbor2 (>=4.1.2 <=5.7.1)

cbor2 PYPI version =4.1.2, =0.1.0, =0.1.0, =0.13.0, =0.5.5.post5, =0.5.5.post4, =0.2.0, =0.10.6, =0.7.1a0, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2025-68131 Source advisory: OSV:PYSEC-2025-90...

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2025-2616)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2025-2630)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-2628)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1070e Security Update: python3 (UTSA-2025-993334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993334 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can b...

Unity Linux 20.1070e Security Update: python3 (UTSA-2025-993333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993333 advisory. When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues Tenable has...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2630)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2616)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-ldap (EulerOS-SA-2025-2615)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-ldap (EulerOS-SA-2025-2629)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.13.0 : python-ldap (EulerOS-SA-2025-2615)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...