Lucene search
K

9 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2025-210387

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS6.1AI score0.00637EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.13 views

CVE-2025-71352

The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...

8.1CVSS6.1AI score0.00637EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2025-71352 picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.16 views

PT-2026-54007

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python trace.Trace.runctx function when it is used within pickle file reduce methods. This allows remote attackers to craft malicious pickle files...

8.1CVSS6.2AI score0.00637EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29482

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Veracode
Veracode
added 2025/09/25 10:5 a.m.5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization/execution because trace.Trace.runctx can be used to execute code from untrusted pickle or otherwise crafted inputs in the interpreter context, allowing arbitrary code execution...

8.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.8 views

Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.runctx function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 6:35 p.m.4 views

GHSA-G344-HCPH-8VGG Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00637EPSS
Exploits0References3
Rows per page
Query Builder