9 matches found
CVE-2025-71355
CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...
EUVD-2018-0029
Malware in sbrugna...
Remote Code Execution (RCE)
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using the torch.dynamo.guards.GuardBuilder.get function. An attacker can execute arbitrary code by crafting a...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
conference-scheduler-cli Arbitrary Code Execution
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Design/Logic Flaw
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
CVE-2018-14572
In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
Calibre Arbitrary Code Execution Vulnerability
Calibre is a free and open source e-book management software. The software provides functions such as formatting books and categorizing and organizing e-books. A security vulnerability exists in the gui2/viewer/bookmarkmanager.py file in Calibre version 3.18. The vulnerability can be exploited by...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...