Lucene search
+L

5 matches found

cvelist
cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2025-71363 picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.11 views

PT-2026-54009

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect cProfile.run function calls within pickle reduce methods. This allows remote attackers to craft malicious pickle files containing cProfile.run payloads that bypass...

8.1CVSS6.6AI score0.00585EPSS
Exploits0References5
cvelist
cvelist
added 2026/01/10 1:35 a.m.28 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS0.0044EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/01/09 12:0 a.m.5 views

PT-2026-2227

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References23
osv
osv
added 2025/08/26 9:39 p.m.2 views

GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run

Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...

8.1CVSS7.9AI score0.00585EPSS
Exploits0References3
Rows per page
Query Builder