Lucene search
K

363 matches found

EUVD
EUVD
added 9 hours ago3 views

EUVD-2025-210392

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS6.5AI score
Exploits0References3
EUVD
EUVD
added 9 hours ago3 views

EUVD-2025-210388

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2025-71374

CVE-2025-71374 affects picklescan prior to 0.0.29. The library fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection and achieve code execution upon deserialization. The ...

8.1CVSS6.5AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2025-71363

CVE-2025-71363 affects the picklescan tool prior to 0.0.30. It fails to detect cProfile.run calls within pickle reduce methods, enabling remote attackers to craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and cause code execution during deserialization.

8.1CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-54012

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python profile.Profile.run function when it is utilized within pickle reduce methods. This allows remote attackers to craft malicious pickle files that...

8.1CVSS6.5AI score
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS0.00303EPSS
Exploits0References2
CVE
CVE
added 6 days ago25 views

CVE-2026-46607

CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References3
CVE
CVE
added 2026/06/20 3:24 p.m.18 views

CVE-2026-56304

CVE-2026-56304 affects picklescan versions before 1.0.1. The flaw is an unsafe pickle deserialization through the logging.FileHandler class, allowing unauthenticated attackers to craft malicious pickle payloads to create arbitrary zero-byte files. This can bypass RCE blocklists and lead to filesy...

6.9CVSS6AI score0.00288EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38123

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.33 views

CVE-2026-56304 picklescan - Arbitrary File Creation via logging.FileHandler Deserialization

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS0.00288EPSS
Exploits1References2
CVE
CVE
added 2026/06/18 11:37 p.m.92 views

CVE-2026-12046

CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...

9.5CVSS6.8AI score0.00715EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.33 views

CVE-2026-12046 pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS0.00715EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.10 views

CVE-2026-53805

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS0.00685EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 4:44 p.m.22 views

CVE-2026-53805

CVE-2026-53805 affects NVIDIA Spatial Intelligence Lab’s GEN3C. It describes an unauthenticated remote code execution vulnerability in the inference API server, exploitable via /request-inference and /seed-model endpoints that deserialize raw HTTP bodies with Python pickle.loads() without authent...

9.8CVSS6.3AI score0.00685EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 4:44 p.m.20 views

CVE-2026-53805 NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API

NVIDIA Spatial Intelligence Lab's SIL GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads without authentication or input validation...

9.8CVSS0.00685EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 3:5 p.m.6 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.8 views

EUVD-2026-37738

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

8.7CVSS5.6AI score0.00509EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.19 views

CVE-2026-53872 picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

8.7CVSS0.00509EPSS
Exploits0References2
Rows per page
Query Builder