Lucene search
K

43 matches found

NVD
NVD
added 4 days ago11 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2025-71373

CVE-2025-71373 : picklescan before 0.0.33 fails to detect operator.methodcaller calls in pickle files, allowing remote attackers to craft payloads that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.

8.1CVSS6.3AI score0.00444EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2025-71367

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2025-210421

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
CVE
CVE
added 4 days ago14 views

CVE-2025-71367

CVE-2025-71367 affects picklescan before 0.0.34. The root cause is a failure to detect _operator.attrgetter calls inside pickle payloads, allowing remote attackers to craft malicious pickle files using _operator.attrgetter in reduce methods and achieve arbitrary code execution when pickle.load() ...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2025-71347 picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS0.00445EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2025-71371

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...

8.1CVSS0.00499EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-5GP7-4733-2W2V Duplicate Advisory: Picklescan Bypasses Unsafe Globals Check using pty.spawn

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hgrh-qx5j-jfwx. This link is maintained to preserve external references. Original Description PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:16 p.m.9 views

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 3:4 p.m.18 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.8 views

EUVD-2025-210269

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS6AI score0.00384EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.14 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS6.6AI score0.15547EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

aiter 代码问题漏洞

aiter is a high-performance AI operator library open source by AMD ROCm™ Software, providing optimized GPU cores for inference and training. Versions of aiter prior to 0.1.14 contain code vulnerabilities. These vulnerabilities stem from unauthenticated remote code execution in the MessageQueue.re...

9.8CVSS6.7AI score0.01104EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v2.257.2 and v3.8.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

7.2CVSS6AI score0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:16 p.m.8 views

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

8.8CVSS0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Horovod 安全漏洞

Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...

9.8CVSS6.2AI score0.00687EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40119

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --model dir argument, the code uses torch.load withou...

6.5AI score0.00458EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

CosyVoice 安全漏洞

CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability arises from the model loading process, where the .pt files in the user-specified directory are loaded using torch.load, without enabling...

8.8CVSS6.1AI score0.00458EPSS
Exploits0References2
Rows per page
Query Builder