3 matches found
EUVD-2025-210306
picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...
CVE-2025-71365
The CVE affects picklescan (before 0.0.33) where the detector fails to catch malicious pickle payloads that invoke numpy.f2py.crackfortran.myeval via the reduce method, allowing arbitrary code execution when loaded. Root cause: detection bypass in pickle loading path. Impact: remote code executio...
EUVD-2025-205638
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval...