Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems
Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...
EUVD-2025-29506
Malicious code in bioql PyPI...
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Summary: Using the asyncio.unix_events._UnixSubprocessTransport._start function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the ...
Picklescan is missing detection when calling built-in python cProfile.run
Summary: Using the cProfile.run function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the cProfile.run function in the __reduce__ method. Then, when the victim, after checkin...
GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx
Summary: Using the cProfile.runctx function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the cProfile.runctx function in the __reduce__ method. Then, when the victim, after...
GHSA-XP4F-HRF8-RXW7 Picklescan is missing detection when calling built-in python ensurepip._run_pip
Summary: Using the ensurepip._run_pip function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the ensurepip._run_pip function in the __reduce__ method. Then, when the victim, after...
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
Summary: Using the idlelib.calltip.get_entity function, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the idlelib.calltip.get_entity function in the __reduce__ method. Then whe...
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
Summary: Using code.InteractiveInterpreter.runcode, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the code.InteractiveInterpreter.runcode function in the __reduce__ meth...
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
Summary: Using idlelib.autocomplete.AutoComplete.fetch_completions, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the ...
GHSA-X696-VM39-CP64 Picklescan has a missing detection when calling built-in python profile.Profile.run
Summary: Using profile.Profile.run, a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the profile.Profile.run function in the __reduce__ method. Then, when the victim, after...