35391 matches found
CVE-2025-71378
The CVE-2025-71378 entry concerns picklescan before 0.0.30 failing to detect cProfile.runctx calls in pickle file reduce methods. This allows a attacker-supplied, malicious pickle file to execute arbitrary code when loaded via pickle.load(), i.e., a remote code execution scenario. The issue is de...
CVE-2025-71378 picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...
CVE-2025-71357
CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...
CVE-2025-71348
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...
CVE-2025-71351
CVE-2025-71351 affects picklescan prior to version 0.0.25. The vulnerability arises because timeit.timeit() calls used in the reduce method are not detected by the tool, allowing crafted pickle payloads to bypass detection and trigger remote code execution when pickle.load() is performed. Attacke...
MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...
Malicious code in d0rk3r-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...
Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
MAL-2026-6245 Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
kernel: wifi: mac80211: use safe list iteration in radar detect work
A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...
CVE-2026-49337
creationtimestamp| type| source ---|---|--- 2026-06-19 21:57:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moodjnby4t2q...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in gaussianblur at libavfilter/vfedgedetect.c, which may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: hardening the detection of controllers. The existing code currently sets a pointer to an ACPI handle before checking whether it is indeed a SoundWire controller. This can lead to issues where the proces...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: Fixed the no-op check for SMMU/ATS faults in setaccessflags. The function contpteptepsetaccessflags compares the gathered value from ptepget with the requested entry to detect no-ops. ptepget ORs AF/dirty from all...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Set buffer sampling frequency for accelerometer only The stlsm6dsxhwfifoodrstore function, which is called when the user space writes the buffer sampling frequency sysfs attribute, calls stlsm6dsxcheckodr. Th...
Astra Linux – Vulnerability in Firefox
When using the Performance API, attackers were able to detect subtle differences between PerformanceEntries, thereby determining whether the target URL had undergone a redirect. This vulnerability affects Firefox 103...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Check for an error when searching for the parent of the backlight device. If the acpigetparent function called within acpivideodevregisterbacklight fails, for example, because acpiutacquiremutex fails inside...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/bpf: Fixed the detection of BPF atomic instructions. The commit 91c960b0056672 “bpf: Rename BPFXADD and prepare to encode other atomic instructions in .imm” changed BPFXADD to BPFATOMIC and added a mechanism to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: Also search for ‘phys’ handle. When passing ‘phys’ in the device tree to describe the USB PHY handle which is the recommended approach according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The powersupply framework is not actually designed to have long-term references to powersupply devices in the kernel. Specifically, unregistering a...