Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71353

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.14 views

CVE-2025-71368

Summary: CVE-2025-71368 affects picklescan prior to 0.0.30, which fails to detect the doctest.debug_script function when analyzing pickle files. This allows remote attackers to craft malicious pickle payloads embedding doctest.debug_script that bypass picklescan detection and trigger arbitrary co...

8.1CVSS6.1AI score0.00769EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.30 views

Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems

Injection detectors deployed to protect LLM agents are calibrated on static, template-based payloads that announce themselves as override directives. We identify a systematic blind spot: when payloads are generated to mimic the domain vocabulary and authority structures of the target document, wh...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29506

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:40 p.m.9 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:39 p.m.8 views

Picklescan is missing detection when calling built-in python cProfile.run

Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:38 p.m.5 views

GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00338EPSS
Exploits1References3
OSV
OSV
added 2025/08/26 9:34 p.m.7 views

GHSA-XP4F-HRF8-RXW7 Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:34 p.m.11 views

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:39 p.m.12 views

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Summary Using idlelib.calltip.getentity function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.getentity function in reduce method Then whe...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:37 p.m.8 views

Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter

Summary Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to code.InteractiveInterpreter.runcode function in reduce meth...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:37 p.m.6 views

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Summary Using idlelib.autocomplete.AutoComplete.fetchcompletions, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 6:35 p.m.4 views

GHSA-X696-VM39-CP64 Picklescan has a missing detection when calling built-in python profile.Profile.run

Summary Using profile.Profile.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.run function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00638EPSS
Exploits0References3
Rows per page
Query Builder