37 matches found

NVD
added 2026/06/17 5:16 p.m. | 8 views

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

CVSS 8.8 | EPSS 0.00384
Exploits: 0 | References: 2
Cvelist
added 2026/06/17 3:04 p.m. | 16 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

CVSS 8.8 | EPSS 0.00384
Exploits: 0 | References: 2
EUVD
added 2026/06/17 3:04 p.m. | 7 views

EUVD-2025-210269

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

CVSS 8.8 | AI score 6 | EPSS 0.00384
Exploits: 0 | References: 2
CVE
added 2026/06/17 3:04 p.m. | 7 views

CVE-2025-71322

CVE-2025-71322 affects PickleScan prior to 0.0.33, where the unsafe-globals check omits pty.spawn. Attackers can craft pickle payloads using pty.spawn to bypass checks and achieve arbitrary code execution during file processing. The connected records confirm the root cause (missing pty.spawn in u...

CVSS 8.8 | AI score 6.1 | EPSS 0.00384
Exploits: 0 | References: 2
Snyk
added 2026/03/03 8:04 p.m. | 1 view

Permissive List of Allowed Inputs

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the _unsafe_globals function, which does not block the pkgutil.resolve_name Python stdlib function. An attacker can...

CVSS 10 | AI score 6.1
Exploits: 0 | References: 2
Snyk
added 2026/03/03 8:03 p.m. | 15 views

Incomplete List of Disallowed Inputs

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the _unsafe_globals function. An attacker can execute arbitrary code by crafting a malicious pickle that...

CVSS 10 | AI score 6.4
Exploits: 0 | References: 2
Github Security Blog
added 2025/12/29 3:26 p.m. | 3 views

Picklescan Bypasses Unsafe Globals Check using pty.spawn

Summary: The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library, more specifically of the pty.spawn function, from PickleScan's list of unsafe globals. This vulnerabili...

CVSS 8.8 | AI score 8.3 | EPSS 0.00384
Exploits: 0 | References: 7 | Affected Software: 1
EUVD
added 2025/12/29 3:26 p.m. | 3 views

EUVD-2025-205588

Picklescan Bypasses Unsafe Globals Check using pty.spawn...

AI score 6.4
Exploits: 0 | References: 5
OSV
added 2025/12/29 3:26 p.m. | 1 view

GHSA-HGRH-QX5J-JFWX Picklescan Bypasses Unsafe Globals Check using pty.spawn

Summary: The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library, more specifically of the pty.spawn function, from PickleScan's list of unsafe globals. This vulnerabili...

CVSS 8.8 | AI score 8.2 | EPSS 0.00384
Exploits: 0 | References: 7
Positive Technologies
added 2025/12/29 12:00 a.m. | 11 views

PT-2026-50453

Name of the Vulnerable Software and Affected Versions: PickleScan versions prior to 0.0.33. Description: PickleScan fails to include the pty.spawn function in its list of unsafe globals, which allows attackers to bypass security checks. By crafting malicious pickle payloads using the pty.spawn...

CVSS 8.8 | AI score 6.5 | EPSS 0.00384
Exploits: 0 | References: 10
RedhatCVE
added 2025/12/16 12:25 a.m. | 5 views

CVE-2025-66434

An SSTI (Server-Side Template Injection) vulnerability exists in the get_dunning_letter_text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (body_text) using frappe.render_template with a user-supplied context (doc). Although Frappe uses a custom...

CVSS 8.8 | AI score 7.5 | EPSS 0.00507
Exploits: 1 | References: 1
CVE
added 2025/12/15 12:00 a.m. | 15 views

CVE-2025-66438

CVE-2025-66438 describes a Server-Side Template Injection in Frappe ERPNext up to version 15.89.0, exploiting the Print Format rendering workflow. An authenticated attacker with permissions to create/modify a Print Format can inject arbitrary Jinja expressions into the html field. Saving the mali...

CVSS 9.8 | AI score 6.1 | EPSS 0.00429
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. | 19 views

EUVD-2025-29711

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.3 | EPSS 0.00761
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-11963

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00189
Exploits: 1 | References: 5
RedhatCVE
added 2025/09/19 12:31 p.m. | 9 views

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 9.3 | AI score 6.7 | EPSS 0.00761
Exploits: 1 | References: 1
Github Security Blog
added 2025/09/17 12:30 p.m. | 10 views

Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f7qq-56ww-84cr. This link is maintained to preserve external references. Original Description: A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a...

CVSS 9.3 | AI score 6.9 | EPSS 0.00761
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/09/17 12:30 p.m. | 2 views

GHSA-HF6H-9WQ7-HMJG Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f7qq-56ww-84cr. This link is maintained to preserve external references. Original Description: A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a...

CVSS 9.3 | AI score 6.9 | EPSS 0.00761
Exploits: 1 | References: 4
NVD
added 2025/09/17 12:15 p.m. | 19 views

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 9.3 | EPSS 0.00761
Exploits: 1 | References: 3
OSV
added 2025/09/17 12:15 p.m. | 7 views

PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 7.8 | AI score 5.9 | EPSS 0.00761
Exploits: 1 | References: 3
PyPA
added 2025/09/17 12:15 p.m. | 10 views

PYSEC-2025-153

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

CVSS 9.3 | AI score 7.5 | EPSS 0.00761
Exploits: 1 | References: 3 | Affected Software: 1