Lucene search
K

33 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2025-71342

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:16 p.m.13 views

CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.7 views

CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.24 views

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52617

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...

8.1CVSS6AI score0.003EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

9.8CVSS6.5AI score0.0061EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

6.5AI score0.0061EPSS
Exploits0References2
Elastic
Elastic
added 2026/03/19 4:59 p.m.11 views

Elasticsearch 8.19.8, 9.1.8 Security Update (ESA-2026-18)

Deserialization of Untrusted Data in Elasticsearch Leading to Remote Code Execution Dependency on Vulnerable Third-Party Component CWE-1395 exists in PyTorch used by the machine learning model loading component in Elasticsearch that can allow an attacker to achieve remote code execution via Objec...

9.8CVSS8AI score0.01878EPSS
Exploits1
OSV
OSV
added 2025/12/30 3:24 p.m.1 views

GHSA-46H3-79WF-XR6C Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Summary Picklescan uses operator.attrgetter, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the reduce method. - Then,...

9.3CVSS7.7AI score0.00445EPSS
Exploits0References4
OSV
OSV
added 2025/12/29 8:3 p.m.4 views

GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

8.7CVSS7.7AI score0.00444EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/12/03 9:30 a.m.1 views

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre...

9.8CVSS8.2AI score0.01428EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2025/09/10 5:15 p.m.10 views

Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...

9.3CVSS8AI score0.00761EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:40 p.m.8 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:39 p.m.2 views

GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run

Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...

8.1CVSS7.9AI score0.00585EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.8 views

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:36 p.m.5 views

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:35 p.m.6 views

Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.run.Executive.runcode function in reduce method...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:34 p.m.7 views

Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Summary Using lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:34 p.m.6 views

GHSA-XP4F-HRF8-RXW7 Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 6:37 p.m.6 views

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Summary Using idlelib.autocomplete.AutoComplete.fetchcompletions, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder