Improper Handling Of Unsafe Deserialization
Fickling is vulnerable to improper handling of unsafe deserialization. The vulnerability is due to Fickling not treating Python's cProfile module as unsafe, which results in malicious pickles using cProfile.run being misclassified as SUSPICIOUS instead of OVERTLY_MALICIOUS, allowing an attacker to...
CVE-2026-22607
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
PT-2026-2227
Name of the Vulnerable Software and Affected Versions: Fickling versions up to and including 0.1.6. Description: Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...
Fickling Code Issue Vulnerability
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the cProfile module as insecure, which could lead to the execution of attacker-controlled code...
GHSA-P523-JQ9W-64X9 Fickling Blocklist Bypass: cProfile.run()
Fickling's assessment: cProfile was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43). Original report, Description, Summary: Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...
EUVD-2025-29468
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
cProfile is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution, because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...
GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run
Summary: Using the cProfile.run function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: first, the attacker crafts the payload by calling the cProfile.run function in the __reduce__ method; then, when the victim after checkin...
GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx
Summary: Using the cProfile.runctx function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: first, the attacker crafts the payload by calling the cProfile.runctx function in the __reduce__ method; then, when the victim after...
Remote Code Execution (RCE)
Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the torch.utils.bottleneck.__main__.run_cprofile function. An attacker can craft a malicious pickle file that leverages this functi...
GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
Summary: Using the torch.utils.bottleneck.__main__.run_cprofile function, a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: first, the attacker crafts the payload by calling the torch.utils.bottleneck.__main__.run_cprofile function in...
Zabbix SQL injection vulnerability analysis and solution-vulnerability warning-the black bar safety net
Vulnerability scope: Zabbix 2.2.x and 3.0.x deployments (fixed in version 3.0.4). The flaw may cause sensitive data leakage and allow a malicious attacker to take control of the server, causing further harm. Zabbix description: Zabbix provides a WEB-based interface for distributed system monitoring and netwo...
Moderate: Red Hat Security Advisory: python security, bug fix, and enhancement update
Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which gi...