
1085105 matches found

Cvelist
added 4 days ago | 18 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

CVSS 8.1 | EPSS 0.00248
Exploits: 0 | References: 2
EUVD
added 4 days ago | 4 views

EUVD-2025-210303

picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

CVSS 8.1 | AI score 6.1 | EPSS 0.00248
Exploits: 0 | References: 2
CVE
added 4 days ago | 8 views

CVE-2025-71358

CVE-2025-71358 concerns the Python tool picklescan (pre-0.0.29) failing to detect malicious pickle payloads that exploit the function idlelib.autocomplete.AutoComplete.get_entity in reduce methods. When a crafted pickle is loaded with pickle.load(), arbitrary commands can execute, enabling remote...

CVSS 8.1 | AI score 6.1 | EPSS 0.00248
Exploits: 0 | References: 2
Cvelist
added 4 days ago | 18 views

CVE-2025-71344 picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 (affected versions: 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and...

CVSS 8.1 | EPSS 0.00367
Exploits: 0 | References: 2
EUVD
added 4 days ago | 5 views

EUVD-2025-210302

picklescan before 0.0.30 (affected versions: 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detection and...

CVSS 8.1 | AI score 6.8 | EPSS 0.00367
Exploits: 0 | References: 2
Cvelist
added 4 days ago | 18 views

CVE-2025-71339 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

CVSS 8.1 | EPSS 0.00301
Exploits: 0 | References: 2
CVE
added 4 days ago | 8 views

CVE-2025-71339

Affected software/component: Picklescan (versions prior to 0.0.33). Vulnerability/gadget: The numpy.f2py.crackfortran._eval_length gadget in pickle reduce methods can bypass safety validation, enabling arbitrary code execution when loading crafted pickle files. Impact (as stated): Arbitrary Pytho...

CVSS 8.1 | AI score 6.2 | EPSS 0.00301
Exploits: 0 | References: 2
EUVD
added 4 days ago | 6 views

EUVD-2025-210301

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

CVSS 8.1 | AI score 6.2 | EPSS 0.00301
Exploits: 0 | References: 2
CVE
added 4 days ago | 7 views

CVE-2025-71344

CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in reduce can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.

CVSS 8.1 | AI score 6.8 | EPSS 0.00367
Exploits: 0 | References: 2
CVE
added 4 days ago | 61 views

CVE-2026-45034

Summary: PhpSpreadsheet before 1.30.5 contains a bypass in File::prohibitWrappers that can be exploited via phar:// wrapper paths (e.g., phar:///path/file.phar/inner). When input contains three or more slashes after the scheme, parse_url can return false, skipping the check and allowing phar wrap...

CVSS 9.2 | AI score 5.9 | EPSS 0.00351
Exploits: 1 | References: 1
Cvelist
added 4 days ago | 23 views

CVE-2026-45034 PhpSpreadsheet: File::prohibitWrappers bypass

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parse_url($filename, PHP_URL_SCHEME) and then checks is_string($scheme) && strlen($scheme) > 1 to reject stream wrappers such as...

CVSS 9.2 | EPSS 0.00351
Exploits: 1 | References: 1
Wolfi
added 4 days ago | 7 views

CVE-2026-6733 vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

CVSS 3.7 | AI score 5.8 | EPSS 0.0023
Exploits: 0
Wolfi
added 4 days ago | 9 views

CVE-2026-6734 vulnerabilities

Vulnerabilities for packages: code-server...

CVSS 7.5 | AI score 5.8 | EPSS 0.002
Exploits: 0
Wolfi
added 4 days ago | 8 views

CVE-2026-12151 vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

CVSS 7.5 | AI score 5.8 | EPSS 0.00426
Exploits: 0
Wolfi
added 4 days ago | 7 views

GHSA-VXPW-J846-P89Q vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

AI score 5.8
Exploits: 0
Wolfi
added 4 days ago | 7 views

GHSA-35P6-XMWP-9G52 vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

AI score 5.8
Exploits: 0
Wolfi
added 4 days ago | 8 views

GHSA-P88M-4JFJ-68FV vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

AI score 5.8
Exploits: 0
Wolfi
added 4 days ago | 8 views

GHSA-HM92-R4W5-C3MJ vulnerabilities

Vulnerabilities for packages: code-server...

AI score 5.8
Exploits: 0
Wolfi
added 4 days ago | 7 views

CVE-2026-9679 vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

CVSS 5.9 | AI score 5.8 | EPSS 0.00257
Exploits: 0
Wolfi
added 4 days ago | 9 views

GHSA-G8M3-5G58-FQ7M vulnerabilities

Vulnerabilities for packages: code-server, node-gyp, npm, prism...

AI score 5.8
Exploits: 0