660 matches found

NVD
added 2 days ago, 4 views

CVE-2025-71350

picklescan before 0.0.28 fails to detect malicious pickle files using the torch.utils.collect_env.run function in __reduce__ methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1, EPSS 0.00395
Exploits: 0, References: 2
OSSF Malicious Packages
added 6 days ago, 6 views

Malicious code in inlifegram (PyPI)

Source: amazon-inspector (3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f). InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

AI score 6
Exploits: 0, References: 3
OSV
added 6 days ago, 5 views

MAL-2026-6516 Malicious code in inlifegram (PyPI)

Source: amazon-inspector (3975a0998bf76dddc25f0138b1d4b408bb06304b3203dc1e62e0110b2b56425f). InLifeGram distributes a modified copy of the pyrogram Telegram client library and installs it into the top-level pyrogram import namespace, so impor...

AI score 6
Exploits: 0, References: 3
CVE
added 2026/06/24 5:52 p.m., 92 views

CVE-2026-49980

Summary of risks and remediation for CVE-2026-49980: Rclone 1.46.0 through 1.74.3 is vulnerable to unauthenticated command execution via rcd --rc-serve. An unauthenticated GET/HEAD request to paths like /[remote:path]/object can cause the remote value to be parsed and used during backend initial...

CVSS 9.8, AI score 6, EPSS 0.00701
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/06/23 3:50 p.m., 5 views

MAL-2026-6327 Malicious code in security-alerts-sdk (PyPI)

Source: amazon-inspector (8f881805b709189d00bc52dc57c407bfecdae44fb343f92634a301c31525f6b0). Despite advertising itself as a breach-monitoring SDK, this package executes a remote-access trojan and credential harvester against any installer th...

AI score 6
Exploits: 0, References: 2
OSV
added 2026/06/20 11:24 p.m., 10 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

Source: amazon-inspector (a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd). On import requestsenhancer, the package's __init__.py spawns a daemon thread that runs pip install...

AI score 6.7
Exploits: 0, References: 5
OSSF Malicious Packages
added 2026/06/20 11:24 p.m., 10 views

Malicious code in requests-enhancer (PyPI)

Source: amazon-inspector (a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd). On import requestsenhancer, the package's __init__.py spawns a daemon thread that runs pip install...

AI score 6.7
Exploits: 0, References: 5
OSSF Malicious Packages
added 2026/06/14 7:30 a.m., 16 views

Malicious code in npm-sandbox-research-9c4e (npm)

Source: amazon-inspector (24c86d7d2179375f642423fc8c38f58f5740b543bacab149ba8d4cbdcd7dc4cf). On install, package.json runs node run.js via a postinstall lifecycle hook. The package ships beacon scripts beacon9.js, beaconlinux.js that import...

AI score 5.9
Exploits: 0, References: 2
OSV
added 2026/06/14 7:30 a.m., 10 views

MAL-2026-5759 Malicious code in npm-sandbox-research-9c4e (npm)

Source: amazon-inspector (24c86d7d2179375f642423fc8c38f58f5740b543bacab149ba8d4cbdcd7dc4cf). On install, package.json runs node run.js via a postinstall lifecycle hook. The package ships beacon scripts beacon9.js, beaconlinux.js that import...

AI score 6
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/06/10 5:11 p.m., 13 views

Malicious code in requests-toolbelt-plus (PyPI)

Source: amazon-inspector (38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae). The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/__init__.py and places its real logic in setup.py...

AI score 6.1
Exploits: 0, References: 3
OSV
added 2026/06/10 1:49 p.m., 6 views

USN-8419-1 libhttp-daemon-perl vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

CVSS 9.1, AI score 5.9, EPSS 0.01231
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/05 7:27 p.m., 6 views

CVE-2026-45777

Open XDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...

CVSS 9.3, AI score 5.8, EPSS 0.00388
Exploits: 1, References: 4, Affected Software: 1
OSSF Malicious Packages
added 2026/06/02 2:56 a.m., 13 views

Malicious code in parsimonius (PyPI)

Source: kam193 (a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a). Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

AI score 6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/06/01 3:38 p.m., 14 views

Malicious code in imgmatrix-analysis (PyPI)

Source: kam193 (2a9f964e4264c7bcc91047fdfb9966b1ae807e1e60fafa559d5543ed6e3dc83e). During import, the package executes remote commands sourced from a Google Sheet. Category: MALICIOUS - The campaign has clearly malicious intent, like...

AI score 6
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/31 1:30 a.m., 13 views

Malicious code in h4xupdate (PyPI)

Source: kam193 (0de4da975d7b071824607be751a9ea0fb13e409eaef58d1cc0628263d5dea700). Package contains a remote control tool taking orders from a hardcoded Telegram bot. The authorship impersonates a legitimate company. Category: MALICIOUS - Th...

AI score 6
Exploits: 0, References: 1
EUVD
added 2026/05/29 4:15 p.m., 10 views

EUVD-2026-33357

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9, AI score 6.1, EPSS 0.00763
Exploits: 0, References: 1
Positive Technologies
added 2026/05/29 12:00 a.m., 12 views

PT-2026-44934

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9, AI score 6.1, EPSS 0.00763
Exploits: 0, References: 2
OSV
added 2026/05/28 5:50 p.m., 9 views

MAL-2026-4859 Malicious code in telethon-pro-safe (PyPI)

Source: kam193 (8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c). During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data. Category:...

AI score 6
Exploits: 0, References: 1
OSV
added 2026/05/22 9:30 a.m., 10 views

MAL-2026-4395 Malicious code in @inetafrica/open-claudia (npm)

Source: amazon-inspector (09b3881ec598069649e57612f04359886ef22331899541885248ea6a0a41bce2). Multiple files in this package contain a Telegram-bot-based command-and-control and exfiltration framework wired to install/runtime-reachable code...

AI score 5.9
Exploits: 0, References: 2
OSV
added 2026/05/21 8:32 a.m., 7 views

MAL-2026-4588 Malicious code in ionic-insta-api-wrapper (npm)

Source: amazon-inspector (44363ea3b97b18ea938430059144fd219a58b93d04149e45da97c60322ff4868). This package presents itself as an Instagram API wrapper but silently forwards caller-supplied Instagram credentials and session data to a hardcoded...

AI score 5.5
Exploits: 0, References: 2