7921 matches found
MAL-2026-2146 Malicious code in databricks-clean-room-orchestrator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in databricks-clean-room-orchestrator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2145 Malicious code in compose-rl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2152 Malicious code in target-iceberg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95793a2b88fbc5bdaa5d42387e7472b796fe34c61959909a928f534137c101d9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-14601
Trivy ecosystem supply chain was briefly compromised...
GHSA-69FQ-XP46-6X23 Trivy ecosystem supply chain was briefly compromised
Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...
Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...
MAL-2026-2201 Malicious code in privaton-beacon-img-8f3603448690bdde-png (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron be565465ab48d5cf9d07625d2414c21814f63826ea9325c35dca838e40aa24e9 This package is an install-time-executable sdist that uses setup.py paired with an opaque data.bin payload and a beacon name...
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-33634 Trivy ecosystem supply chain briefly compromised
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-33634
CVE-2026-33634 is tied to a supply-chain compromise involving Aqua Security Trivy. Concrete details show: (1) affected items include Trivy binary/image v0.69.4, and GitHub Actions components aquasecurity/trivy-action (versions 0.0.1–0.34.2, 76/77 forced-pushed) and aquasecurity/setup-trivy (0.2.0...
Aqua Security多款产品 安全漏洞
Aqua Security Trivy and Trivy Action are both products of Aqua Security. Trivy is a comprehensive and multifunctional security scanner. Trivy Action is a container vulnerability scanning software. Several products from Aqua Security have security vulnerabilities, which stem from supply chain...
VulnCheck KEV: CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
PT-2026-27246
Name of the Vulnerable Software and Affected Versions aquasecurity/trivy version 0.69.4 aquasecurity/trivy versions 0.69.5 through 0.69.6 aquasecurity/trivy-action versions 0.0.1 through 0.34.2 aquasecurity/setup-trivy versions 0.2.0 through 0.2.6 Description A supply chain attack occurred where ...
MAL-2026-2028 Malicious code in pipinpeace-bind (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e78be1bf65bda1455a5f08dafdf69aef528e4fb206333e1ecb6c6a97fe8adbc2 Package is designed to start a bind shell during installation. However, it requires providing the port as an installation parameter, which suggests it's more...
Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...
MAL-2026-2029 Malicious code in pipinpeace-reverse (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...