4 matches found
CVE-2020-9118
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include: AIS-BW80H-0...
CVE-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
MAL-2025-4665 Malicious code in grpc-google-bigtable-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9640f0015404a6fff13b4e9bbb9e01d3d4f545a8ae8935dc95425a427c561576 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
Developer account body snatchers pose risks to the software supply chain
Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect and source code repositories became a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain becau...