Lucene search
K

67 matches found

RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-14534

A flaw was found in the fickling library, which is designed to safely handle Python pickle data. The library's security checks in versions up to and including 0.1.10 fail to properly identify and block certain dangerous Python standard library modules during deserialization. This oversight allows...

8.8CVSS6.2AI score0.00342EPSS
Exploits1References7
Snyk
Snyk
added 2026/07/04 3:15 p.m.6 views

Protection Mechanism Failure

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Protection Mechanism Failure due to shared mutable state in the shortencode function. An attacker can execute arbitrary code by providing a malicious pickle payload...

9.8CVSS6.3AI score0.00321EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/04 3:12 a.m.8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the asyncio.unixevents.UnixSubprocessTransport.start function. An attacker can execute arbitrary commands...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-456 PickleScan's pkgutil.resolve_name has a universal blocklist bypass

Summary pkgutil.resolvename is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolvename as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...

10CVSS5.8AI score0.00623EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/21 3:13 p.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.runctx function in pickle file reduce methods. An attacker can execute arbitrary code by...

8.1CVSS6.2AI score0.00338EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.006EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 4:16 p.m.14 views

CVE-2026-31224

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.19 views

CVE-2026-31229

The ART (Adversarial Robustness Toolbox) package up to v1.20.1 contains an insecure deserialization vulnerability in its Kubeflow component’s model loading path. Loading model weights (e.g., model.pt) uses torch.load() without weights_only=True, allowing arbitrary Python object deserialization vi...

9.8CVSS6.3AI score0.006EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40053

The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 2025-20-27 contains an insecure deserialization vulnerability CWE-502. The script uses torch.load to process PyTorch checkpoint files .pt without enabling the security-restrictiv...

6.3AI score0.00486EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-33155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler...

8.7CVSS6.1AI score0.00452EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/03 8:3 p.m.18 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary code by crafting a malicious pickle that...

10CVSS6.4AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/13 12:28 a.m.6 views

SUSE CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS6.4AI score0.00521EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve...

9.8CVSS8.1AI score0.00521EPSS
Exploits1References3
OSV
OSV
added 2026/02/11 9:30 p.m.4 views

GHSA-W8V5-VHQR-4H9V DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

7CVSS7.6AI score0.00521EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/11 12:0 a.m.2 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

6.4AI score0.00521EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.7 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS7.6AI score0.00521EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.24 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

0.00521EPSS
Exploits1References2
OSV
OSV
added 2026/02/11 12:0 a.m.5 views

CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

9.8CVSS6.4AI score0.00521EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

DiskCache 安全漏洞

DiskCache: Disk Backed Cache is a disk backup cache tool developed by Grant Jenks. Versions of DiskCache 5.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default use of Python pickle for serialization, which could allow attackers to execute arbitrary co...

9.8CVSS7.6AI score0.00521EPSS
Exploits1References2
Rows per page
Query Builder