VDB
GCVE-110-OSM-2026-149
GCVE-110-OSM-2026-149
Advisory PublishedCVSS 8.8/10
Malicious package detected.
Payload: pywingui/ui/ocr_utils.cp311-win32.pyd
Secondary files: pywingui/ai/error_engine.cp311-win32.pyd, pywingui/ai/win32_child_handler.cp311-win32.pyd
Key findings:
- Brand New Package
- Binary: Anti Analysis in pywingui/ai/error_engine.cp311-win32.pyd: "IsDebuggerPresent"
- Binary: Anti Analysis in pywingui/ai/win32_child_handler.cp311-win32.pyd: "IsDebuggerPresent"
- Binary: Anti Analysis in pywingui/app/context.cp311-win32.pyd: "IsDebuggerPresent"
- Binary: Anti Analysis in pywingui/base/base_window.cp311-win32.pyd: "IsDebuggerPresent"
IOCs:
- binaryHashes: c6b5334ee791a9682cf13cdcf8a4c4a63770f33d53cd335ebfba40d278211ec5, 255f8da01728dc54ed01ccb8437ae884378571bc99042b7fb95044aa0771f183, 5fed1db0ae33f92d1b1f912c63c5ea353c945bcbe1fac995bc73a257ce7715bc, 0a1bf2f1a9b24549d465a5267ad061d2d4bf8521ff837589a0213910abf573f0, 9584e0362a6695788cd55f3dfc919d2b00c3d6a8ea53467c8b7ccee05854d7a2 (+25 more)
- urls: https://extraction-api.nanonets.com/api/v1/extract/sync, https://api.ocr.space/Parse/Image
- domains: extraction-api.nanonets.com, api.ocr.space, uOCR.Space, OCR.Space
- payloadFileHash: a754ad2f4c2fa48ae7f98c888c84f027b7b77158c56e493493e900110ace3a15
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | pywingui | 6.0.2 (affected) | — |
| unknown | pulse-feature-flag | * (affected) | — |
| unknown | aioutil3 | * (affected), all (affected), all (affected), all (affected) | — |
| unknown | synapseml-utils | all (affected), all (affected), all (affected), all (affected), all (affected), * (affected), * (affected) | — |
| unknown | arnavtest123 | * (affected), all (affected), * (affected), all (affected) | — |
References
Malicious pypi package: arnavtest123
advisory
Malicious pypi package: aioutil3
advisory
Malicious pypi package: pywingui
advisory
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.