Lucene search
K

1615 matches found

EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210423

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.10 views

EUVD-2025-210422

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.19 views

CVE-2025-71372

Summary: CVE-2025-71372 affects Picklescan prior to 0.0.33. The vulnerability arises from failure to detect the numpy.f2py.crackfortran.getlincoef gadget within pickle reduce methods, enabling an attacker to craft malicious pickle files that execute arbitrary Python code when loaded and could poi...

8.1CVSS6.3AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210421

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.35 views

CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.10 views

CVE-2025-71367

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.16 views

CVE-2025-71367

CVE-2025-71367 affects picklescan before 0.0.34. The root cause is a failure to detect _operator.attrgetter calls inside pickle payloads, allowing remote attackers to craft malicious pickle files using _operator.attrgetter in reduce methods and achieve arbitrary code execution when pickle.load() ...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.9 views

EUVD-2025-210420

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.7 views

CVE-2025-71366

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.13 views

CVE-2025-71366

CVE-2025-71366 affects picklescan versions before 0.0.28. The flaw is a failure to detect malicious torch.utils.bottleneck.main .run_cprofile calls inside pickle files, allowing remote attackers to embed undetected code that executes when a victim loads the pickle. The available documents do not ...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.31 views

CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS0.00555EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.21 views

CVE-2025-71364

CVE-2025-71364 affects picklescan prior to 0.0.30, which fails to detect the builtin function asyncio.unix_events._UnixSubprocessTransport._start inside pickle reduce methods. This allows an attacker to craft malicious pickle payloads that evade detection and execute arbitrary commands upon loadi...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71364

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.7 views

EUVD-2025-210418

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.7 views

EUVD-2025-210419

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.14 views

CVE-2025-71362

The vulnerability CVE-2025-71362 affects the Python tool picklescan prior to version 0.0.33. It fails to detect unsafe deserialization when numpy.f2py.crackfortran calls eval on arbitrary strings, allowing an attacker to embed malicious code in pickle files that executes upon loading from untrust...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210417

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Rows per page
Query Builder