Lucene search
K

9 matches found

CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2025-71355

CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0029

Malware in sbrugna...

7.8CVSS7.6AI score0.02391EPSS
Exploits1References6
Snyk
Snyk
added 2025/08/22 4:56 p.m.1 views

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using the torch.dynamo.guards.GuardBuilder.get function. An attacker can execute arbitrary code by crafting a...

6.7CVSS8.2AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/05/20 11:34 p.m.19 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS7.9AI score0.04665EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2018/10/29 7:5 p.m.24 views

conference-scheduler-cli Arbitrary Code Execution

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS7.9AI score0.02391EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2018/08/28 7:29 p.m.16 views

Design/Logic Flaw

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

6.8CVSS7.9AI score0.02391EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/08/28 7:0 p.m.52 views

CVE-2018-14572

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8AI score0.02391EPSS
Exploits1References2
CNVD
CNVD
added 2018/03/09 12:0 a.m.3 views

Calibre Arbitrary Code Execution Vulnerability

Calibre is a free and open source e-book management software. The software provides functions such as formatting books and categorizing and organizing e-books. A security vulnerability exists in the gui2/viewer/bookmarkmanager.py file in Calibre version 3.18. The vulnerability can be exploited by...

7.8CVSS7.8AI score0.04665EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/03/08 9:29 p.m.19 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

7.8CVSS7.3AI score0.04665EPSS
Exploits1References3
Rows per page
Query Builder