35423 matches found
CVE-2025-71344
CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in reduce can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.
Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows
Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...
CVE-2026-55202
A flaw was found in Tinyproxy. This vulnerability allows unauthenticated remote attackers to gain unauthorized access to internal proxy statistics or misroute requests. This is possible due to improper validation of the Host header during stathost detection, which can be exploited by injecting a...
On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice
Let’s Talk About Where Your APIs Actually Run Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud—the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...
kernel: wifi: mac80211: use safe list iteration in radar detect work
A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...
kernel: wifi: mac80211: use safe list iteration in radar detect work
A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...
CVE-2025-71378
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...
CVE-2025-71378 picklescan - Remote Code Execution via Undetected cProfile.runctx in Pickle Files
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...
CVE-2025-71378
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...
CVE-2025-71378
The CVE-2025-71378 entry concerns picklescan before 0.0.30 failing to detect cProfile.runctx calls in pickle file reduce methods. This allows a attacker-supplied, malicious pickle file to execute arbitrary code when loaded via pickle.load(), i.e., a remote code execution scenario. The issue is de...
CVE-2025-71357
CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...
CVE-2025-71351
CVE-2025-71351 affects picklescan prior to version 0.0.25. The vulnerability arises because timeit.timeit() calls used in the reduce method are not detected by the tool, allowing crafted pickle payloads to bypass detection and trigger remote code execution when pickle.load() is performed. Attacke...
CVE-2025-71348
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...
Malicious code in d0rk3r (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cbc673402f814b065eadc8be2641d761d482c30722fdd8e6b1b7522fde2f478 d0rk3r 1.0.5 is advertised as a Shodan IP scraper with proxy rotation, but the sdist ships no Python source — only LICENSE, README, pyproject.toml,...
Malicious code in d0rk3r-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...
MAL-2026-6244 Malicious code in d0rk3r-telemetry (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da4542d225ef144ecc5df2f578104ffc12659196c57b2214ecb54f60620601c6 On import d0rk3rtelemetry, the package spawns a background thread that reads installer-owned secrets and POSTs them to an attacker-controlled endpoin...
MAL-2026-6245 Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
Malicious code in request-cache-py (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...
kernel: wifi: mac80211: use safe list iteration in radar detect work
A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...
CVE-2026-49337
creationtimestamp| type| source ---|---|--- 2026-06-19 21:57:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moodjnby4t2q...