VDB

GCVE-110-OSM-2026-149

GCVE-110-OSM-2026-149
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 27, 2026
Malicious package detected. Payload: pywingui/ui/ocr_utils.cp311-win32.pyd Secondary files: pywingui/ai/error_engine.cp311-win32.pyd, pywingui/ai/win32_child_handler.cp311-win32.pyd Key findings: - Brand New Package - Binary: Anti Analysis in pywingui/ai/error_engine.cp311-win32.pyd: "IsDebuggerPresent" - Binary: Anti Analysis in pywingui/ai/win32_child_handler.cp311-win32.pyd: "IsDebuggerPresent" - Binary: Anti Analysis in pywingui/app/context.cp311-win32.pyd: "IsDebuggerPresent" - Binary: Anti Analysis in pywingui/base/base_window.cp311-win32.pyd: "IsDebuggerPresent" IOCs: - binaryHashes: c6b5334ee791a9682cf13cdcf8a4c4a63770f33d53cd335ebfba40d278211ec5, 255f8da01728dc54ed01ccb8437ae884378571bc99042b7fb95044aa0771f183, 5fed1db0ae33f92d1b1f912c63c5ea353c945bcbe1fac995bc73a257ce7715bc, 0a1bf2f1a9b24549d465a5267ad061d2d4bf8521ff837589a0213910abf573f0, 9584e0362a6695788cd55f3dfc919d2b00c3d6a8ea53467c8b7ccee05854d7a2 (+25 more) - urls: https://extraction-api.nanonets.com/api/v1/extract/sync, https://api.ocr.space/Parse/Image - domains: extraction-api.nanonets.com, api.ocr.space, uOCR.Space, OCR.Space - payloadFileHash: a754ad2f4c2fa48ae7f98c888c84f027b7b77158c56e493493e900110ace3a15

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownpywingui6.0.2 (affected)
unknownpulse-feature-flag* (affected)
unknownaioutil3* (affected), all (affected), all (affected), all (affected)
unknownsynapseml-utilsall (affected), all (affected), all (affected), all (affected), all (affected), * (affected), * (affected)
unknownarnavtest123* (affected), all (affected), * (affected), all (affected)

References

advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor
advisory
vendor

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›