Lucene search
K

46 matches found

NVD
NVD
added 5 days ago5 views

CVE-2025-71374

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS0.00638EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.6 views

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:17 p.m.12 views

CVE-2026-53875

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS0.00434EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.3 views

Microsoft Windows Active Setup Persistence Module

This Metasploit module leverages the Windows Active Setup mechanism to establish persistence while integrating multiple evasion and stealth techniques designed to reduce forensic visibility and bypass detection mechanisms...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/01 5:31 p.m.183 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

🏛️CTT -Microsoft Office OLE Manifold BYPASS CVE-2026-21509 Stan...

7.8CVSS7.5AI score0.72152EPSS
Exploits12
EUVD
EUVD
added 2026/01/10 1:35 a.m.5 views

EUVD-2026-1686

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS6.4AI score0.00346EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52338

Name of the Vulnerable Software and Affected Versions BullWall Ransomware Containment versions 4.6.0.0 through 4.6.1.4 Description BullWall Ransomware Containment does not fully inspect files to identify ransomware. An attacker with valid credentials can bypass detection by encrypting a file whil...

7.1CVSS6.6AI score0.00196EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52339

Name of the Vulnerable Software and Affected Versions BullWall Ransomware Containment versions 4.6.0.0 through 4.6.1.4 Description BullWall Ransomware Containment does not monitor certain file paths, such as $recycle.bin. An attacker with file write permissions could bypass detection by renaming ...

8.8CVSS6.6AI score0.00326EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-5520

Malware in sbrugna...

9.3CVSS6.4AI score0.02951EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-3220

Malware in sbrugna...

5.1CVSS6.4AI score0.01723EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-5512

Malware in sbrugna...

9.3CVSS6.4AI score0.02902EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-1463

Malware in sbrugna...

4.3CVSS6.4AI score0.77942EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-5523

Malware in sbrugna...

9.3CVSS6.4AI score0.01905EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.4 views

Breaking SafetyCore: Exploring the Risks of On-Device AI Deployment

Due to hardware and software improvements, an increasing number of AI models are deployed on-device. This shift enhances privacy and reduces latency, but also introduces security risks distinct from traditional software. In this article, we examine these risks through the real-world case study of...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/09/02 1:30 a.m.7 views

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

6.2CVSS7.3AI score0.0021EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.9 views

PT-2026-51384

Name of the Vulnerable Software and Affected Versions picklescan versions 0.0.26 and earlier Description The software fails to detect the ensurepip. run pip built-in function when scanning pickle files. Attackers can craft malicious pickle files by embedding calls to ensurepip. run pip within...

8.1CVSS6AI score0.00367EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/08/25 11:24 a.m.8 views

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

6.2CVSS7.3AI score0.0021EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/14 3:53 p.m.4 views

CVE-2025-54389 AIDE improper output neutralization vulnerability

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2CVSS6.9AI score0.0021EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-39957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional charset...

7.5CVSS7.1AI score0.00771EPSS
Exploits0References3
OSV
OSV
added 2024/10/22 7:15 p.m.6 views

CVE-2024-45335

Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder