4335 matches found
MAL-2026-3216 Malicious code in httpx-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d3d6ca7ec9867abcf3fb8a0170ca44801107a64fb1ff7f9aa437dd7b1f59845 During installation, package downloads downloads and executes next-stage script that then downloads a Sliver beacon and establishes persistence via a systemd...
Exploit for Embedded Malicious Code in Tukaani Xz
Security Review: CVE-2024-3094 XZ Utils Backdoor Автор:...
Amazon Linux 2023 : maven3.9, maven3.9-amazon-corretto8, maven3.9-amazon-corretto11 (ALAS2023-2026-1602)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1602 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...
Important: maven3.9
Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: maven3.9 Issue Correction: Run dnf...
MAL-2026-3193 Malicious code in rblx-http (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b0078ee9b9f6221ab242c9f2442f86670e320a5058c306590b5e5b458066e414 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
CLSA-2026-1777454474 plexus-utils: Fix of CVE-2025-67030
CVE-2025-67030: fix Zip Slip / directory traversal in Expand.extractFile canonical path check...
Malicious code in core-roblox-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3137 Malicious code in core-roblox-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 51e9fdba29b05ebf3bb0fb66dcf05dd021562b52449128a930f28ff073b4e1d7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-apis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3138 Malicious code in robase-apis (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 953430b69a70b8a69dd00f87a8cf96f9b60eaf4dfdd70fd129ba5d2502612555 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)
nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...
oci-utils security update
-- 0.14.0-21 - Update the debugging log file path. Orabug: 39250938...
MAL-2026-3104 Malicious code in robase-ui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
ROOT-OS-DEBIAN-13-CVE-2026-34743 CVE-2026-34743 in rootio-xz-utils - Patched by Root
Root has patched CVE-2026-34743 in the rootio-xz-utils package for Root:Debian:13. Multiple fixed versions available...
Unity Linux 20.1070e Security Update: xz (UTSA-2026-014304)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014304 advisory. XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50239)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50239 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...
Malicious code in @clearpool/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81591bb660ad3ae2036615d00a3ff6960ccd2f36789a4f0df65a53ea7a557336 package.json declares preinstall and install lifecycle hooks that collect installer-identifying data whoami, hostname, pwd, $npmpackagename,...
CVE-2026-7021
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...
CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...
CVE-2026-7021 SmythOS sre Connector Service utils.ts information disclosure
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...