Lucene search
+L

59 matches found

nvd
nvd
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71375

picklescan before 0.0.34 fails to detect the operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load...

8.1CVSS0.00365EPSS
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.25 views

CVE-2025-71364

CVE-2025-71364 affects picklescan prior to 0.0.30, which fails to detect the builtin function asyncio.unix_events._UnixSubprocessTransport._start inside pickle reduce methods. This allows an attacker to craft malicious pickle payloads that evade detection and execute arbitrary commands upon loadi...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71360 picklescan - Remote Code Execution via Undetected idlelib.calltip.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
cve
cve
added 2026/07/04 1:23 a.m.19 views

CVE-2025-71360

The CVE-2025-71360 entry concerns picklescan prior to 0.0.29, where the tool fails to detect malicious pickle payloads that rely on idlelib.calltip.get_entity within reduce methods. Impact: attackers could embed code in pickle files that executes remote commands when loaded by victims. The vulner...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71342 picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

7.6CVSS6.6AI score0.00427EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.14 views

PT-2026-55670

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious pickle files that exploit the torch. dynamo.guards.GuardBuilder.get function within reduce methods. This allows attackers to craft pickle files containing...

8.1CVSS6.1AI score0.003EPSS
Exploits0References6
euvd
euvd
added 2026/07/01 12:34 a.m.8 views

EUVD-2025-210386

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS5.9AI score0.00395EPSS
Exploits0References3
osv
osv
added 2026/06/30 10:8 p.m.4 views

CVE-2025-71350 picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

7.6CVSS6.1AI score0.00395EPSS
Exploits0References4
nvd
nvd
added 2026/06/23 1:16 p.m.13 views

CVE-2025-71341

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
euvd
euvd
added 2026/06/23 12:12 p.m.8 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
nvd
nvd
added 2026/06/22 10:16 p.m.10 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
cve
cve
added 2026/06/21 1:26 p.m.23 views

CVE-2025-71357

CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...

8.1CVSS6AI score0.00276EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/05/13 12:0 a.m.12 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. There is a security vulnerability in curl, which stems from a failure in OCSP binding detection. This failure may lead to an incorrect assumption that the server’s certificate is valid...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the MCTP driver failing to release the USB device reference when detection fails, resulting in a...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/06 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mux mmio driver failing to release the regmap when detection fails...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/06 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the k3-socinfo driver failing to release the mmio regmap when detection fails, potentially leadin...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wifi rtw88 driver failing to release the USB device reference when detection fails, resulting...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the acpiecsetup function not properly cleaning up the handler when detection fails, potentially...

7CVSS5.8AI score0.00111EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/01/09 12:45 p.m.10 views

CVE-2005-1711

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected...

7.5CVSS7.2AI score0.01047EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/05 12:0 a.m.7 views

PT-2025-49188

A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning...

5.1CVSS6.6AI score0.00115EPSS
Exploits0References2
Rows per page
Query Builder