Lucene search
K

59 matches found

NVD
NVD
added 3 days ago10 views

CVE-2025-71367

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago38 views

CVE-2025-71375 picklescan - Undetected Remote Code Execution via _operator.methodcaller

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-367 Kedro deserialization vulnerability

A Remote Code Execution RCE vulnerability has been identified in the Kedro ShelveStore class version 0.19.8. This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class use...

9.8CVSS7.7AI score0.01035EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/19 9:33 a.m.8 views

CVE-2026-49121

A flaw was found in AI Tensor Engine for ROCm AITER. This vulnerability allows unauthenticated remote attackers to execute arbitrary code by sending a specially crafted data package, known as a pickle payload, to a ZeroMQ ZMQ subscriber socket. This exploitation is possible due to a lack of...

9.8CVSS6.6AI score0.01104EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50812

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.9 through 9.15 Description In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga login required authentication decorator, allowing them to be accessed without an authenticated sessio...

9.5CVSS6.5AI score0.0071EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/17 3:5 p.m.7 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.9 views

CVE-2026-35464

pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storagefolder option is not in this set and passes the existing path restriction because the...

7.5CVSS6.1AI score0.00529EPSS
Exploits2References1
NVD
NVD
added 2026/06/01 7:16 p.m.10 views

CVE-2026-49121

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.8CVSS0.01104EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/01 5:9 p.m.17 views

EUVD-2026-33717

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:9 p.m.8 views

CVE-2026-49121

AI Tensor Engine for ROCm AITER through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv function within shmbroadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket...

9.2CVSS6.7AI score0.01104EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45540

Name of the Vulnerable Software and Affected Versions AI Tensor Engine for ROCm AITER versions prior to 0.1.15 Description An unauthenticated remote code execution issue exists in the MessageQueue.recv function within shm broadcast.py. This occurs because a ZMQ SUB socket lacks authentication,...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Manga/Image Translator 安全漏洞

Manga/Image Translator is a text-to-image translation tool developed by zyddnys’ individual developers. Manga/Image Translator has a security vulnerability, which stems from insecure deserialization during the shared API server mode. This vulnerability could allow remote attackers to execute...

9.8CVSS6.2AI score0.00622EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/26 6:33 p.m.101 views

IMVU-Exploits

IMVU Exploits IMVU Classic Client v3.6.15 - Complete exploita...

10CVSS5.8AI score0.94354EPSS
Exploits6
Veracode
Veracode
added 2026/05/23 5:55 a.m.5 views

Improper Integrity Verification

Amazon SageMaker Python SDK is vulnerable to improper integrity verification. The vulnerability is due to missing integrity verification in the Triton inference handler, which allows an authenticated attacker with S3 write access to replace model artifacts with a specially crafted pickle payload...

7.2CVSS6.5AI score0.0039EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:37 p.m.8 views

CVE-2026-8597

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/14 7:37 p.m.37 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS0.0039EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41118

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 2.257.2 Amazon SageMaker Python SDK versions prior to 3.8.0 Description Missing integrity verification in the Triton inference handler allows a remote authenticated actor with S3 write access to th...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References10
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-MF8F-X4R3-JM8C Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 6:16 p.m.10 views

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS0.00687EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.34 views

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

0.00472EPSS
Exploits0References2
Rows per page
Query Builder