Lucene search

58302 matches found

OSSF Malicious Packages
added 2025/12/30 9:52 a.m., 5 views

Malicious code in rippling-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bac12bb851f49ac4801addcf6964c854abe90430140d3e75e4eefcd4c7cf1bf0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3 AI score
Exploits 0, References 1
Debian
added 2025/12/30 12:3 a.m., 11 views

[SECURITY] [DLA 4425-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4425-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 29, 2025 https://wiki.debian.org/LTS -...

9.1 CVSS, 8.6 AI score, 0.1914 EPSS
Exploits 10
Tenable Nessus
added 2025/12/30 12:0 a.m., 9 views

Debian dla-4425 : python-django-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4425 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4425-1 [email protected]...

9.1 CVSS, 8 AI score, 0.1914 EPSS
Exploits 10, References 6
OpenVAS
added 2025/12/30 12:0 a.m., 6 views

Debian: Security Advisory (DLA-4425-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 6.8 AI score, 0.1914 EPSS
Exploits 10, References 2
OSV
added 2025/12/29 10:44 p.m., 2 views

GHSA-CFFC-MXRF-MHH4 Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.param_eval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.param_eval function via __reduce__ method....

7.7 AI score
Exploits 0, References 5
EUVD
added 2025/12/29 9:57 p.m., 1 views

EUVD-2025-205651

Malicious code in awsutil PyPI...

6.6 AI score
Exploits 0, References 1
EUVD
added 2025/12/29 8:3 p.m., 4 views

EUVD-2025-205639

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller...

6.4 AI score
Exploits 0, References 4
GithubExploit
added 2025/12/29 11:55 a.m., 165 views

cyber-attack-detection-main

🔥 Smart Firewall with Machine Learning WAF + ML Đồ án d...

6.6 AI score
Exploits 0
IBM Security Bulletins
added 2025/12/29 7:28 a.m., 5 views

Security Bulletin: Vulnerability in pip affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in pip has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

5.9 CVSS, 8 AI score, 0.00438 EPSS
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/12/29 7:27 a.m., 6 views

Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...

5.4 CVSS, 6.2 AI score, 0.00271 EPSS
Exploits 0, Affected Software 2
RedhatCVE
added 2025/12/29 5:54 a.m., 7 views

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

10 CVSS, 8.1 AI score, 0.13992 EPSS
Exploits 2, References 1
RedhatCVE
added 2025/12/29 5:54 a.m., 3 views

CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

9.9 CVSS, 7.6 AI score, 0.12685 EPSS
Exploits 4, References 1
OSV
added 2025/12/29 12:0 a.m., 6 views

OPENSUSE-SU-2025:15849-1 python311-3.11.14-3.1 on GA media

These are all security issues fixed in the python311-3.11.14-3.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 5.8 AI score, 0.01468 EPSS
Exploits 0, References 3
OSV
added 2025/12/29 12:0 a.m., 1 views

OPENSUSE-SU-2025:15851-1 python313-3.13.11-1.1 on GA media

These are all security issues fixed in the python313-3.13.11-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 5.8 AI score, 0.01468 EPSS
Exploits 0, References 3
OpenVAS
added 2025/12/29 12:0 a.m., 1 views

Debian: Security Advisory (DLA-4421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.9 CVSS, 4.7 AI score, 0.00622 EPSS
Exploits 1, References 2
OSV
added 2025/12/29 12:0 a.m., 5 views

DLA-4425-1 python-django - security update

Bulletin has no description...

9.1 CVSS, 6.9 AI score, 0.1914 EPSS
Exploits 10
OPENSUSE Linux
added 2025/12/29 12:0 a.m., 5 views

python311-openapi-core-0.22.0-1.1 on GA media (moderate)

python311-openapi-core-0.22.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15848-1 Rating: moderate Cross-References: CVE-2025-66221 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

6.3 CVSS, 5.8 AI score, 0.00474 EPSS
Exploits 0
EUVD
added 2025/12/28 7:49 p.m., 5 views

EUVD-2025-205525

Malicious code in cryptozip PyPI...

6.6 AI score
Exploits 0, References 3
OSV
added 2025/12/28 7:49 p.m., 7 views

MAL-2025-192956 Malicious code in cryptozip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 157ea6b1f1c3d4ed5564c494db770e9156f3e269f12cefec6e4270085a762f26 During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware --- Category: MALICIOUS - The...

7.2 AI score
Exploits 0, References 4
EUVD
added 2025/12/28 1:44 a.m., 3 views

EUVD-2025-205490

Malicious code in aiogram-types-v3 PyPI...

6.6 AI score
Exploits 0, References 1