Skip to content
Threat Feed

Product

Pip

4 briefs RSS
high threat

Analyzing Supply Chain Risks in Python Package Installation

Threat actors, including TeamPCP, are increasingly using malicious Python packages in supply chain attacks to compromise developer devices and infrastructure by exploiting trust in Python's packaging ecosystem, leading to automatic payload execution during installation.

PyPI +2 TeamPCP supply-chain python software-security
2t 4i
high advisory

Open Babel Heap Buffer Overflow in ChemKin Parser (CVE-2025-10997)

A heap buffer overflow vulnerability (CVE-2025-10997) in Open Babel's ChemKin parser allows an attacker to achieve memory corruption when a victim processes a specially crafted ChemKin file, potentially leading to denial of service or arbitrary code execution.

Open Babel +1 chemistry vulnerability buffer-overflow memory-corruption cve
1t 1c
high advisory

Open Babel PQS coord_file parser suffers from out-of-bounds write vulnerability (CVE-2022-43467)

A high-severity memory-safety vulnerability (CVE-2022-43467) in Open Babel's PQS `coord_file` parser allows an attacker to achieve an out-of-bounds write by tricking a victim into opening a specially crafted PQS file, potentially leading to arbitrary code execution or denial of service in systems processing untrusted chemistry file formats.

Open Babel +1 open-babel vulnerability memory-corruption cve library
2t 1c
high advisory

Linuxfabrik Monitoring Plugins Local Privilege Escalation via Sudo apt-get

A local privilege escalation vulnerability, CVE-2026-52817, exists in Linuxfabrik Monitoring Plugins within its Debian.sudoers configuration, allowing a pre-compromised `nagios` user to inject arbitrary `apt-get` arguments to execute commands as root and obtain a root shell on affected Debian systems.

Linuxfabrik Monitoring Plugins +1 privilege-escalation linux sudo cve
1r 1t