CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/27 12:7 p.m.•7 views

USN-8317-1 gst-plugins-good1.0 vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain MP4 audio tracks. An attacker could possibly use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service...

9.1CVSS5.8AI score0.00039EPSS

OSV•added 2026/05/27 1:54 a.m.•4 views

MAL-2026-4829 Malicious code in quatres (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0d720315dd49970cfc00c39f4e377485b2746a4fc24f42dec7e79d0749ab9a7d During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...

OSSF Malicious Packages•added 2026/05/27 1:54 a.m.•12 views

Malicious code in quatres (PyPI)

Snyk•added 2026/05/14 7:16 p.m.•6 views

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero in the qtdemuxparsetrak function when parsing MP4 audio tracks. An attacker can cause a crash by supplying crafted atom data that triggers a division by zero. Remediation A fix was pushed into the master branch but not...

5.5CVSS5.8AI score0.00014EPSS

NVD•added 2026/05/14 6:16 p.m.•5 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

5.5CVSS0.00014EPSS

AlpineLinux•added 2026/05/14 5:38 p.m.•6 views

CVE-2026-46469

5.5CVSS5.8AI score0.00014EPSS

Exploits0

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-41013

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-good versions prior to 1.28.2 Description An issue exists when parsing MP4 audio tracks where the isomp4 plugin's qtdemux audio caps function fails to sufficiently validate atom data before performing division operations...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References14

OSV•added 2026/04/04 12:1 p.m.•0 views

MAL-2026-2486 Malicious code in gangomodule (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8117683c90fb188f9fc013b3b3006dc5e31269d2511dd7c80eea9ac7b6892d09 During installation, obfuscated code validates the environment against typical sandboxing signs and attempts to download the next stages from remote sources. T...

OSSF Malicious Packages•added 2026/04/04 12:1 p.m.•3 views

Exploits0References1

Malicious code in gangomodule (PyPI)

OSSF Malicious Packages•added 2026/04/02 3:10 p.m.•4 views

Exploits0References1

Malicious code in k8s-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9358111fecbdb3180b8f4c0c6543abff3024c59deaf488cf3a34089820e96172 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

OSV•added 2026/04/02 3:10 p.m.•0 views

MAL-2026-2430 Malicious code in k8s-node-health (PyPI)

OSSF Malicious Packages•added 2026/04/01 11:46 a.m.•2 views

Malicious code in kube-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

OSSF Malicious Packages•added 2026/04/01 9:47 a.m.•3 views

Malicious code in kube-health-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d36d5ed9b1bc15c12e89f48c1228a4f6e3aebe558a67d535655e280b25b4440 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

OSV•added 2026/04/01 9:47 a.m.•6 views

MAL-2026-2327 Malicious code in kube-health-tools (PyPI)

OSSF Malicious Packages•added 2026/03/28 7:40 p.m.•4 views

Malicious code in aiogram-photo-updater (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62ec906fc563c8e7b6c22bb0dae1e739e6c3d8e24091105a8eafb292dae2f661 When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later. --- Category: MALICIO...

OSV•added 2026/03/23 1:56 p.m.•3 views

Exploits0References1

MAL-2026-2107 Malicious code in financial-crimes-general-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

OSSF Malicious Packages•added 2026/02/10 7:2 p.m.•5 views

Exploits0References5

Malicious code in lyroxpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a9016ac99840c4d68028c7b724382974154c9bf75b410da9c6b4a75ff6d20b1f The package contains an embedded archive with an executable. When importing the module, the embedded archive is run as a module. Code inside extracts the...

5.6AI score

OSSF Malicious Packages•added 2026/02/02 12:2 a.m.•4 views

Malicious code in hangimani (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4eb1b67eac28a42f372ecaaca274a28d15972e3cc8e063492f977364538e6c41 During importing the module, package downloads a second-stage code from GitHub, which then runs an infostealer. After that, the downloaded code is removed ---...

OSV•added 2026/02/02 12:2 a.m.•2 views

MAL-2026-625 Malicious code in hangimani (PyPI)