Lucene search
K

25 matches found

NVD
NVD
added 5 days ago11 views

CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS0.00444EPSS
Exploits0References2
NVD
NVD
added 5 days ago11 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2025-210425

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References2
CVE
CVE
added 5 days ago20 views

CVE-2025-71375

The CVE-2025-71375 issue affects the Python package picklescan (prior to 0.0.34) and stems from failure to detect the built-in function _operator.methodcaller when scanning pickle files for malicious code. This oversight allows attackers to craft pickle payloads that evade detection and can lead ...

8.1CVSS6.3AI score0.00365EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago39 views

CVE-2025-71375 picklescan - Undetected Remote Code Execution via _operator.methodcaller

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2025-71373

CVE-2025-71373 : picklescan before 0.0.33 fails to detect operator.methodcaller calls in pickle files, allowing remote attackers to craft payloads that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.

8.1CVSS6.3AI score0.00444EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2025-210424

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago38 views

CVE-2025-71373 picklescan - Remote Code Execution via operator.methodcaller Detection Bypass

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS0.00444EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-6V84-V468-3C7F Duplicate Advisory: Picklescan has Incomplete List of Disallowed Inputs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-84r2-jw7c-4r5q. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller...

9.8CVSS6.2AI score0.00623EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 5:16 p.m.9 views

CVE-2025-71320

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...

9.8CVSS0.00623EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 3:4 p.m.17 views

CVE-2025-71320 picklescan - Remote Code Execution via Incomplete Disallowed Inputs

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...

9.8CVSS0.00623EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:4 p.m.27 views

CVE-2025-71320

The CVE identifies a vulnerability in picklescan prior to 0.0.33, where an incomplete deny-list fails to block pydoc.locate and operator.methodcaller. This allows remote attackers to craft malicious pickle files that, when deserialized, yield arbitrary code execution. The issue is tied to deseria...

9.8CVSS6.1AI score0.00623EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.12 views

EUVD-2025-210267

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...

9.8CVSS6.1AI score0.00623EPSS
Exploits0References2
OSV
OSV
added 2025/12/30 3:22 p.m.2 views

GHSA-955R-X9J8-7RHH Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling to operator.methodcaller function in reduce method - Then when...

9.3CVSS7.7AI score0.00365EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/30 3:22 p.m.5 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function. An attacker can execute arbitrary code by crafting a malicious pickle...

8.4CVSS7.7AI score
Exploits0References2
EUVD
EUVD
added 2025/12/30 3:22 p.m.2 views

EUVD-2025-205779

Picklescan is vulnerable to RCE via missing detection when calling built-in python operator.methodcaller...

6.4AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/30 3:22 p.m.536 views

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling to operator.methodcaller function in reduce method - Then when...

7.8AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/12/29 8:3 p.m.1 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.methodcaller function, which is a built-in Python library function used to execute a remote...

8.4CVSS7.8AI score
Exploits0References3
OSV
OSV
added 2025/12/29 8:3 p.m.4 views

GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

8.7CVSS7.7AI score0.00444EPSS
Exploits0References4
Rows per page
Query Builder