Lucene search
+L

418 matches found

cert
cert
added 21 hours ago3 views

SGLang contains a vulnerable pickle deserialization vulnerability through the expert-parallel subsystem

Overview A Pickle deserialization vulnerability has been discovered within the SGLang project, enabling an attacker to perform remote code execution RCE on the target vulnerable server. In order for an attacker to exploit this vulnerability, the expert-parallel backup subsystem must be enabled, a...

9.1CVSS6.4AI score
Exploits0References6
cve
cve
added 2026/07/08 10:23 p.m.30 views

CVE-2026-54499

CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/07/08 10:23 p.m.35 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS0.00317EPSS
Exploits1References4
osv
osv
added 2026/07/08 10:23 p.m.3 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/07 3:16 p.m.6 views

CVE-2026-14535

A flaw was found in the fickling library, versions up to and including 0.1.11. A logic error in the security analysis passes allows an attacker to bypass intended safety checks during pickle deserialization. This vulnerability enables the invocation of arbitrary standard library modules, leading ...

9.8CVSS6AI score0.00321EPSS
Exploits1References7
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1514 LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...

8.4CVSS6.4AI score0.00358EPSS
Exploits1References7
nvd
nvd
added 2026/07/04 2:16 p.m.13 views

CVE-2026-14535

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

9.8CVSS0.00321EPSS
Exploits1References4
euvd
euvd
added 2026/07/04 1:31 p.m.10 views

EUVD-2026-41676

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References4
cve
cve
added 2026/07/04 1:31 p.m.25 views

CVE-2026-14535

Summary: CVE-2026-14535 affects Trail of Bits fickling up to version 0.1.11. A logic error in the UnsafeImportsML and MLAllowlist passes causes shared mutable state (AnalysisContext.reported_shortened_code) to poison deduplication, rendering MLAllowlist dead code and allowing certain pickle paylo...

9.8CVSS5.9AI score0.00321EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/07/04 1:31 p.m.3 views

CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References7
euvd
euvd
added 2026/07/04 1:25 p.m.11 views

EUVD-2026-41675

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...

8.8CVSS5.8AI score0.00342EPSS
Exploits1References4
cve
cve
added 2026/07/04 1:25 p.m.31 views

CVE-2026-14534

The CVE-2026-14534 issue affects the Python package fickling, up to version 0.1.10. The root cause is that the UNSAFE_IMPORTS denylist omits three standard library modules — _posixsubprocess, site, and atexit — causing check_safety() to return LIKELY_SAFE and allowing pickle payloads to deseriali...

8.8CVSS5.8AI score0.00342EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2026/07/04 2:16 a.m.12 views

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS0.00427EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.40 views

CVE-2025-71369 picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS0.00445EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.7 views

CVE-2025-71369 picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

7.6CVSS6.3AI score0.00445EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
cve
cve
added 2026/07/04 1:23 a.m.15 views

CVE-2025-71362

The vulnerability CVE-2025-71362 affects the Python tool picklescan prior to version 0.0.33. It fails to detect unsafe deserialization when numpy.f2py.crackfortran calls eval on arbitrary strings, allowing an attacker to embed malicious code in pickle files that executes upon loading from untrust...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
euvd
euvd
added 2026/07/04 1:23 a.m.16 views

EUVD-2025-210416

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71347

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS6.3AI score0.00427EPSS
Exploits0References3
Rows per page
Query Builder