15 matches found
Malicious code in binproto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 72de81f36a15d75d302ca94b378c3e5025b6d0cb2d24360d06527130ed053ebd When using the provided functionality, the code silently downloads and executes a malicious executable. --- Category: MALICIOUS - The campaign has clearly...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-47782
Technical details about CVE-2026-47782 are not publicly provided in the supplied documents; monitor for updates.
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
CVE-2026-47782
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...
MAL-2026-2669 Malicious code in ant-mcp-proxy-for-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51df3beb4457da4a841727c91a2517ba5727c841c08f9d43cf2b25be9e476564 During use of the package, it silently downloads and executes remote executables or scripts. During analysis, the remote resources were no longer available. Th...
curl: Argument Injection via curl Short-Flag Grouping
This report details how the curl -os command facilitates an Argument Injection vulnerability in applications that wrap the curl command-line tool. The specific command curl -os /etc/passwd --url http://example.com demonstrates a subtle but dangerous behavior. Because -s silent follows -o output,...
Malicious code in joyboyw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242 Contains a function to silently download malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2025-192322 Malicious code in joyboyw (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 36ac711534f46e41704c145912a7a6c3a51f64bb1888469e0730768e00865242 Contains a function to silently download malware --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2025-191745 Malicious code in gtts-lts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8 During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...
Malicious code in gtts-lts (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8 During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...
Malicious Package
Overview github.com/ordinarymea/TNSRIDS is a malicious package. This package contains malicious code designed to provide attackers with on-demand remote access to a developer's system or CI/CD environment. The package and some other variants use typosquatting to imitate legitimate packages. Upon...
DEBIAN-CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
flexnet-overwrite.txt
Who: Macrovision What: Macrovision FlexNext Connect is a software package that allows ISV's to update their software products. It is generally used in conjunction with the InstallShield software deploymnet framework. FlexNet uses a number of ActiveX controls, some of which are marked safe for...