Lucene search
+L

1690 matches found

osv
osv
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

7.6CVSS6.3AI score0.00445EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71366

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References3
euvd
euvd
added 2026/07/04 1:23 a.m.10 views

EUVD-2025-210420

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.39 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS0.00445EPSS
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.18 views

CVE-2025-71366

CVE-2025-71366 affects picklescan versions before 0.0.28. The flaw is a failure to detect malicious torch.utils.bottleneck.main .run_cprofile calls inside pickle files, allowing remote attackers to embed undetected code that executes when a victim loads the pickle. The available documents do not ...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.4 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

7.6CVSS6.6AI score0.00445EPSS
Exploits0References4
cve
cve
added 2026/07/04 1:23 a.m.25 views

CVE-2025-71364

CVE-2025-71364 affects picklescan prior to 0.0.30, which fails to detect the builtin function asyncio.unix_events._UnixSubprocessTransport._start inside pickle reduce methods. This allows an attacker to craft malicious pickle payloads that evade detection and execute arbitrary commands upon loadi...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.15 views

CVE-2025-71362

The vulnerability CVE-2025-71362 affects the Python tool picklescan prior to version 0.0.33. It fails to detect unsafe deserialization when numpy.f2py.crackfortran calls eval on arbitrary strings, allowing an attacker to embed malicious code in pickle files that executes upon loading from untrust...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
euvd
euvd
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210419

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.9 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
euvd
euvd
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210418

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.32 views

CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS0.00555EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.31 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71364

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References3
osv
osv
added 2026/07/04 1:23 a.m.4 views

CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

7.6CVSS6.5AI score0.00555EPSS
Exploits0References4
euvd
euvd
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210417

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71360 picklescan - Remote Code Execution via Undetected idlelib.calltip.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
cve
cve
added 2026/07/04 1:23 a.m.19 views

CVE-2025-71360

The CVE-2025-71360 entry concerns picklescan prior to 0.0.29, where the tool fails to detect malicious pickle payloads that rely on idlelib.calltip.get_entity within reduce methods. Impact: attackers could embed code in pickle files that executes remote commands when loaded by victims. The vulner...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71360

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
Rows per page
Query Builder