Lucene search
K

20 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2025-210392

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS6.5AI score0.00638EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.7 views

CVE-2025-71374

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS0.00638EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.15 views

CVE-2025-71374

CVE-2025-71374 affects picklescan prior to 0.0.29. The library fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection and achieve code execution upon deserialization. The ...

8.1CVSS6.5AI score0.00638EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.26 views

CVE-2025-71374 picklescan - Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS0.00638EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2025-71374 picklescan - Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

7.6CVSS6.6AI score0.00638EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 10:8 p.m.12 views

CVE-2025-71363

CVE-2025-71363 affects the picklescan tool prior to 0.0.30. It fails to detect cProfile.run calls within pickle reduce methods, enabling remote attackers to craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and cause code execution during deserialization.

8.1CVSS6.5AI score0.00585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.20 views

PT-2026-54012

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python profile.Profile.run function when it is utilized within pickle reduce methods. This allows remote attackers to craft malicious pickle files that...

8.1CVSS6.4AI score0.00638EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-455 PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...

9.8CVSS6.5AI score0.0046EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.19 views

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS0.0046EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 8:3 p.m.18 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary code by crafting a malicious pickle that...

10CVSS6.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 8:3 p.m.11 views

PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...

9.8CVSS6.6AI score0.0046EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 8:3 p.m.5 views

GHSA-7WX9-6375-F5WH PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...

9.8CVSS6.6AI score0.0046EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.17 views

PT-2026-50467

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description An incomplete blocklist for the profile module fails to block the module-level profile.run function. This allows attackers to achieve arbitrary code execution via exec by crafting malicious pickle...

9.8CVSS6.4AI score0.0046EPSS
Exploits0References10
EUVD
EUVD
added 2026/01/10 1:35 a.m.3 views

EUVD-2026-1687

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS6.6AI score0.0044EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29524

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29438

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Veracode
Veracode
added 2025/09/24 6:0 a.m.6 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...

7.7AI score
Exploits0
OSV
OSV
added 2025/08/26 6:35 p.m.4 views

GHSA-X696-VM39-CP64 Picklescan has a missing detection when calling built-in python profile.Profile.run

Summary Using profile.Profile.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.run function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00638EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.15 views

Picklescan has a missing detection when calling built-in python profile.Profile.run

Summary Using profile.Profile.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.run function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder