Lucene search
K

19 matches found

NVD
NVD
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS0.00427EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.6 views

EUVD-2025-210413

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.7 views

CVE-2025-71374

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS0.00638EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.18 views

PT-2026-54007

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python trace.Trace.runctx function when it is used within pickle file reduce methods. This allows remote attackers to craft malicious pickle files...

8.1CVSS6.2AI score0.00637EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.13 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.6 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.33 views

CVE-2025-71365 picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.4 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2025-210301

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51215

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.25 Description The software fails to detect malicious pickle files that utilize the timeit.timeit function within the reduce method. This allows for remote code execution, as attackers can craft pickle files th...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.8 views

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

7.9AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/08/22 4:58 p.m.2 views

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient detection in the reduce method involving the torch.jit.unsupportedtensorops.execWrapper function...

6.7CVSS8.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/22 4:58 p.m.7 views

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

7.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/22 4:58 p.m.4 views

GHSA-VR7H-P6MM-WPMH Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

8.1CVSS7.9AI score0.00379EPSS
Exploits0References5
Snyk
Snyk
added 2025/08/22 4:57 p.m.2 views

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to the use of torch.utils.collectenv.run in the reduce method. An attacker can execute arbitrary code by crafting...

6.7CVSS8.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/22 4:56 p.m.4 views

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

7.9AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/15 12:0 a.m.5 views

PT-2020-13328

Name of the Vulnerable Software and Affected Versions pandas versions 1.0.0 through 1.0.3 Description The issue allows untrusted files passed to the read pickle function to potentially unserialize and execute commands, specifically if reduce makes an os.system call. It is noted that the read pick...

9.8CVSS9.4AI score0.03387EPSS
Exploits1References15
Rows per page
Query Builder