CVE-2026-30643

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload...

DesDev DedeCMS 安全漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It operates on the PHP platform and offers functions such as content publishing, management, editing, and retrieval. Version 5.7.118 of DesDev DedeCMS contains a security vulnerability, which...

PT-2026-29567

🔴 CVE-2026-30643 - Critical An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. https://t.co/rjHTzSsdI1 https://t.co/y2qo3h5iFP...

Malicious code in officepyai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 563256c9d63fdb25dd344ade9c0df9605a7b22e3fc849f2512f5366e557e562c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in lakeflow-community-connectors (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 931d6183e0dc407fb2c14769dcebb7d1845f4af9ca0b26766d75d783b5611165 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

PT-2026-29282

Uncontrolled search path elements in Anthropic Claude for Windows installer Claude Setup.exe versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs e.g., profapi.dll from its own directory after UAC elevation, enabling arbitrary code...

MAL-2026-2305 Malicious code in databaseroboats (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 758a06f15ef5917ecf964bae5fa46f084b028b69c8dd133acb90da972f6a6f09 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2304 Malicious code in spanner-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in spanner-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 659a15d63f794432104121cf729687768f76fa3dadd0b4ae9d8c9327021122af Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2303 Malicious code in prodaccess (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 71f3b91c61448eb2dee3cfb46f56b4e38dab0202af78c52163d5b6ab98e85c2d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-2302 Malicious code in loas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0177c14c2fb08f69729838152272244428733a8e3682c3cbdc6780ea2fab6e38 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2019-25653

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection...

kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure

A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...

CVE-2018-25233

Affected software: WebDrive 18.00.5057. Vulnerability: Denial of Service via Secure WebDAV. A local attacker can crash the application by sending an excessively long string in the username field during Secure WebDAV connection setup, with a described 5000-byte buffer-overflow payload in the usern...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection in the installmodeldependenciestoenv function. An attacker can execute arbitrary commands by supplying a crafted model artifact containing malicious dependency specifications in the pythonenv.yaml file, which...

PT-2026-29019

🚨 CVE-2018-25233 WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in...

MAL-2026-2295 Malicious code in databaseroboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c3d5d00b97ea534e5873e4b0aecaa2895fcc25dfca987d487dcc2510cf14f3a During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in databaseroboat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c3d5d00b97ea534e5873e4b0aecaa2895fcc25dfca987d487dcc2510cf14f3a During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-2291 Malicious code in pychatz (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 adc76f6c0051f3b8b31b378b6b6078e553750338e2489de9de83315bea349657 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...