58389 matches found
MAL-2025-192393 Malicious code in ctosec-appsec-wb-xray-adapter (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33176e85f6e5dce44273ddbf5be45cf64ddd36db281b50a5868851a32fb19d0c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2025-202303
Malicious code in ctosec-appsec-wb-xray-adapter PyPI...
EUVD-2025-202304
Malicious code in ajenti-plugin-testing-pyld PyPI...
Malicious code in ajenti-plugin-testing-pyld (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f75e248c6b93183d9fb3295781e0ffda38ca1afa25cefb866205312f2a78cfd Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
EUVD-2025-201881
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
SUSE-SU-2025:21207-1 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...
MAL-2025-192391 Malicious code in bignum (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...
Malicious code in bignum (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 251c8009e3a70f8c3a3a8283dc7f2b603838ec892d7773f0b4886122ff0d97c5 In this incarnation, the package is no longer a clone of networkx, but continues to use the same technique to run secretly remote code and cover tracks ---...
EUVD-2025-202181
Malicious code in bignum PyPI...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
acherion (>=0.2.0 <=0.9.2), aesp (=2025.9.12) +206 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)
nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 - bellatrex =0.4.0 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...
SqlScanner
SqlScanner SQL Injection Scanner deve...
OPENSUSE-SU-2025:20153-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 - CVE-2025-13372,CVE-2025-64460: Fixed Denial of Service in 'django.core.serializers.xmlserializer.getInnerText' bsc12544...
CLSA-2025-1765287413 python-jinja2: Fix of CVE-2024-56326
CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template...
EUVD-2025-201914
Malicious code in do-not-install-this-package-001 PyPI...
EUVD-2025-201907
Malicious code in telcoo PyPI...
Malicious code in telcoo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
EUVD-2025-201908
Malicious code in graphsync PyPI...
SUSE-SU-2025:21199-1 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD is not checked by the 'zipfile' module bsc1251305. - CVE-2025-6075: Fixed the value passed to os.path.expandvars is user-controlled a performance...
EUVD-2025-201887
Malicious code in raft-dask PyPI...