Lucene search
K

341 matches found

EUVD
EUVD
added 2025/12/30 3:20 p.m.5 views

EUVD-2025-205781

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.evallength...

6.4AI score
Exploits0References5
Snyk
Snyk
added 2025/12/30 3:20 p.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran.evallength function. An attacker can execute arbitrary code by crafting a...

8.4CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2025/12/30 3:20 p.m.2 views

GHSA-6556-FWC2-FG2P Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...

7.6CVSS7.8AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/30 3:18 p.m.5 views

EUVD-2025-205782

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef...

6.4AI score
Exploits0References5
OSV
OSV
added 2025/12/30 3:18 p.m.5 views

GHSA-RRXM-2PVV-M66X Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary Picklescan uses the numpy.f2py.crackfortran.getlincoef function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

9.2CVSS7.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.18 views

PT-2026-51383

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References11
EUVD
EUVD
added 2025/12/29 10:44 p.m.3 views

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

6.4AI score
Exploits0References5
OSV
OSV
added 2025/12/29 10:44 p.m.6 views

GHSA-CFFC-MXRF-MHH4 Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.parameval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.parameval function via reduce method....

7.7AI score
Exploits0References5
OSV
OSV
added 2025/12/29 8:4 p.m.3 views

GHSA-3329-GHMP-JMV5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

8.7CVSS7.7AI score
Exploits0References4
Snyk
Snyk
added 2025/12/29 8:4 p.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to using the numpy.f2py.crackfortran.myeval function, which executes a remote pickle file. An attacker ca...

8.4CVSS7.7AI score
Exploits0References3
EUVD
EUVD
added 2025/12/29 8:4 p.m.7 views

EUVD-2025-205638

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval...

6.4AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/29 8:4 p.m.7 views

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

7.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/29 8:3 p.m.4 views

EUVD-2025-205639

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller...

6.4AI score
Exploits0References4
OSV
OSV
added 2025/12/29 8:3 p.m.4 views

GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

8.7CVSS7.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/29 8:3 p.m.10 views

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

7.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/12/29 3:27 p.m.4 views

EUVD-2025-205587

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef...

6.4AI score
Exploits0References5
OSV
OSV
added 2025/12/29 3:27 p.m.3 views

GHSA-R8G5-CGF2-4M4M Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...

9.3CVSS7.7AI score
Exploits0References5
EUVD
EUVD
added 2025/12/29 3:26 p.m.3 views

EUVD-2025-205588

Picklescan Bypasses Unsafe Globals Check using pty.spawn...

6.4AI score
Exploits0References5
EUVD
EUVD
added 2025/12/29 3:24 p.m.5 views

EUVD-2025-205589

Picklescan missing detection when calling pty.spawn...

6.4AI score
Exploits0References5
EUVD
EUVD
added 2025/12/29 3:24 p.m.3 views

EUVD-2025-205590

Picklescan has Incomplete List of Disallowed Inputs...

6.5AI score
Exploits0References5
Rows per page
Query Builder