70 matches found
MAL-2025-192953 Malicious code in aiogram-types-v3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6ba04e944f1dfda1aaa2d571fa79cd8ce4074a106bae228e582473226810baf During installation or importing the module, the package starts a reverse shell to hardcoded locatiom --- Category: MALICIOUS - The campaign has clearly...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
PT-2025-49804
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
Malicious code in huzzleup (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96519e802e0761cc6f22ffc2dde7aee04fc6806f5831c1e98c15512792a3cd1d Package simulates malicious activity during installation and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest package...
MAL-2025-191670 Malicious code in abhamzufu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7ef1806d244274823ed462cd27dc9ec91a4c26d7bc7141bd652ecf05cb40c2dc Package simulates malicious activity during installation and has no other purpose --- Category: PROBABLYPENTEST - Packages looking like typical pentest package...
Malicious code in hello-from-shiphero (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 00eb05ac59ee167606a053bd1ac9f705de178f9a576e6fe78bae415d599157b1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Unsafe Dependency Resolution
Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the pullpackage API function. An attacker can execute arbitrary commands on the victim's machine by exploiting the...
CVE-2024-12215
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...
CVE-2024-12215 Remote Code Execution in kedro-org/kedro
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...
MAL-2024-12227 Malicious code in calcnotepad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84ad749380bb774a5cc7da818c03f863ee2838773e46e0a5c4cff469e1647962 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...
Malicious code in hello-bozzo2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 96e02710356e7f0a4dee853d165a2d18a0a4addad3a07c397e495f61f6bc92fa Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2024-12288 Malicious code in honestjson (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5703b401839f166c2d73a6e56aa7e747cf19b4035bba3f4c5aee116a41a344f Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2024-12277 Malicious code in get-time-zzs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 32b5c264a16b0327f601265edb8f3d69b915695ab82d184c724d5e79d32d3f11 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in honestjson (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e5703b401839f166c2d73a6e56aa7e747cf19b4035bba3f4c5aee116a41a344f Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2024-12205 Malicious code in artifact-lab-3-package-e7ffd2ef (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a8260a6eedf520242c3d3c6ecca58394fd6b2cb465a2a1d9e34ece20db529d4b Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-12343 Malicious code in shinchina (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0a21b3328ab75bc0d00f300ad728fa27c3b3acc2396d7af90522856afe628aca Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12350 Malicious code in springboot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 16d85bf1869194ac1171299e8e0d4e04cbe415bdde4f6eb08730c6018f8958bc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in blab111 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc1ea66b7bd97f1590f64319f168a1e5ce5f257bf47595de26247cc07a48f80c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12284 Malicious code in hello-world-installer-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 aef5897e3e41898c7d14d6acf00254f63adbd159b1a9cc9adba26603edee668c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...