Lucene search
K

143 matches found

Snyk
Snyk
added 2026/07/04 3:12 a.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 3:11 a.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran process. An attacker can execute arbitrary code by crafting malicious pickle...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS0.00444EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.14 views

CVE-2025-71356

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.9 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71342

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71373 picklescan - Remote Code Execution via operator.methodcaller Detection Bypass

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS0.00444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.9 views

CVE-2025-71373

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS6.3AI score0.00444EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.9 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.10 views

EUVD-2025-210420

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.7 views

CVE-2025-71366

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.13 views

CVE-2025-71366

CVE-2025-71366 affects picklescan versions before 0.0.28. The flaw is a failure to detect malicious torch.utils.bottleneck.main .run_cprofile calls inside pickle files, allowing remote attackers to embed undetected code that executes when a victim loads the pickle. The available documents do not ...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210418

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.23 views

CVE-2025-71364

CVE-2025-71364 affects picklescan prior to 0.0.30, which fails to detect the builtin function asyncio.unix_events._UnixSubprocessTransport._start inside pickle reduce methods. This allows an attacker to craft malicious pickle payloads that evade detection and execute arbitrary commands upon loadi...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71360

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.18 views

CVE-2025-71360

The CVE-2025-71360 entry concerns picklescan prior to 0.0.29, where the tool fails to detect malicious pickle payloads that rely on idlelib.calltip.get_entity within reduce methods. Impact: attackers could embed code in pickle files that executes remote commands when loaded by victims. The vulner...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.37 views

CVE-2025-71360 picklescan - Remote Code Execution via Undetected idlelib.calltip.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71356

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References3
Rows per page
Query Builder