Lucene search
+L

7 matches found

cve
cve
added 2026/07/04 1:23 a.m.19 views

CVE-2025-71369

CVE-2025-71369 affects the Python utility picklescan (versions prior to 0.0.28). The vulnerability arises when pickle files leverage torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, enabling bypass of safety checks and allowing remote code execution during deserialization...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/04 1:23 a.m.10 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/04 1:23 a.m.40 views

CVE-2025-71369 picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS0.00445EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29488

Malicious code in bioql PyPI...

6.6AI score
Exploits0References5
snyk
snyk
added 2025/08/22 4:57 p.m.2 views

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using torch.utils.data.datapipes.utils.decoder.basichandlers function. An attacker can execute arbitrary code ...

6.7CVSS8.2AI score
Exploits0References2
osv
osv
added 2025/08/22 4:57 p.m.2 views

GHSA-H3QP-7FH3-F8H4 Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

8.1CVSS7.9AI score0.00445EPSS
Exploits0References5
github
github
added 2025/08/22 4:57 p.m.6 views

Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References5Affected Software1
Rows per page
Query Builder