Lucene search
K

23 matches found

Cvelist
Cvelist
added 6 days ago21 views

CVE-2025-71363 picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-54009

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect cProfile.run function calls within pickle reduce methods. This allows remote attackers to craft malicious pickle files containing cProfile.run payloads that bypass...

8.1CVSS6.6AI score0.00585EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 2:16 p.m.11 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS0.00338EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.7 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/21 1:26 p.m.5 views

EUVD-2025-210294

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References2
Veracode
Veracode
added 2026/01/20 11:25 a.m.5 views

Improper Handling Of Unsafe Deserialization

fickling is vulnerable to improper handling of unsafe deserialization. The vulnerability is due to Fickling not treating Python’s cProfile module as unsafe, which results in malicious pickles using cProfile.run being misclassified as SUSPICIOUS instead of OVERTLYMALICIOUS, allowing an attacker to...

9.3CVSS6AI score0.0044EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References1
NVD
NVD
added 2026/01/10 2:15 a.m.3 views

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS0.0044EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/10 1:35 a.m.26 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS0.0044EPSS
Exploits1References3
OSV
OSV
added 2026/01/10 1:35 a.m.4 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS7AI score0.0044EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.4 views

PT-2026-2227

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.6 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the cProfile module as insecure, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.0044EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/01/09 9:4 p.m.9 views

Fickling Blocklist Bypass: cProfile.run()

Fickling's assessment cProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description Summary Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...

9.3CVSS8.2AI score0.0044EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2026/01/09 9:4 p.m.3 views

GHSA-P523-JQ9W-64X9 Fickling Blocklist Bypass: cProfile.run()

Fickling's assessment cProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description Summary Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...

9.3CVSS6.4AI score0.0044EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-29468

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Veracode
Veracode
added 2025/09/24 5:33 a.m.6 views

Remote Code Execution (RCE)

cProfile is vulnerable to Remote Code Execution RCE.The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...

8AI score
Exploits0
OSV
OSV
added 2025/08/26 9:39 p.m.2 views

GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run

Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...

7.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.5 views

Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:38 p.m.5 views

GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00338EPSS
Exploits1References3
OSV
OSV
added 2025/08/22 4:56 p.m.0 views

GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...

7.9AI score
Exploits0References5
Rows per page
Query Builder