
99 matches found

EUVD
added 16 hours ago, 4 views

EUVD-2025-210385

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1 CVSS, 6.4 AI score
Exploits: 0, References: 3
EUVD
added 16 hours ago, 4 views

EUVD-2025-210389

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1 CVSS, 6.5 AI score
Exploits: 0, References: 3
NVD
added yesterday, 3 views

CVE-2025-71350

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1 CVSS
Exploits: 0, References: 2
NVD
added yesterday, 3 views

CVE-2025-71349

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1 CVSS
Exploits: 0, References: 2
NVD
added yesterday, 4 views

CVE-2025-71368

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary command...

8.1 CVSS
Exploits: 0, References: 2
Cvelist
added yesterday, 15 views

CVE-2025-71368 picklescan - Arbitrary Code Execution via Undetected doctest.debug_script

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary command...

8.1 CVSS
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2025-71352

The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...

8.1 CVSS, 6.1 AI score
Exploits: 0, References: 2
Cvelist
added yesterday, 14 views

CVE-2025-71352 picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1 CVSS
Exploits: 0, References: 2
Cvelist
added yesterday, 13 views

CVE-2025-71350 picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1 CVSS
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2025-71350

CVE-2025-71350 concerns the Python package picklescan, with version pre-0.0.28 vulnerable. The issue arises because picklescan fails to detect malicious pickle payloads that leverage torch.utils.collect_env.run within reduce methods, enabling attackers to embed code in pickle files that may execu...

8.1 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2025-71349

The affected software is picklescan with versions before 0.0.29. The vulnerability arises because the tool fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing an attacker to embed malicious code. Remote attackers can craft pickle files that use trace.Trace....

8.1 CVSS, 6.4 AI score
Exploits: 0, References: 2
Cvelist
added yesterday, 14 views

CVE-2025-71349 picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1 CVSS
Exploits: 0, References: 2
NVD
added 2026/06/24 1:16 p.m., 9 views

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1 CVSS, 0.00253 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/24 1:16 p.m., 7 views

CVE-2025-71361

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1 CVSS, 0.00339 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/24 11:53 a.m., 6 views

CVE-2025-71361

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1 CVSS, 6.4 AI score, 0.00339 EPSS
Exploits: 0, References: 3
EUVD
added 2026/06/24 11:53 a.m., 7 views

EUVD-2025-210328

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1 CVSS, 6.4 AI score, 0.00339 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/24 11:53 a.m., 7 views

CVE-2025-71361

CVE-2025-71361 affects the Python package picklescan, specifically versions prior to 0.0.29. The issue is that picklescan fails to detect malicious calls to idlelib.calltip.Calltip.fetch_tip embedded in pickle files, enabling remote code execution when a pickle is loaded (pickle.load()). The CVSS...

8.1 CVSS, 6.4 AI score, 0.00339 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/06/24 11:53 a.m., 33 views

CVE-2025-71361 picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1 CVSS, 0.00339 EPSS
Exploits: 0, References: 2
EUVD
added 2026/06/24 11:53 a.m., 8 views

EUVD-2025-210327

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1 CVSS, 6.1 AI score, 0.00253 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/23 1:16 p.m., 11 views

CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib, exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8 CVSS, 0.00757 EPSS
Exploits: 0, References: 2