Lucene search
K

8 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2025-71344

picklescan before 0.0.30 affected versions 0.0.26 and earlier fails to detect the ensurepip.runpip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip.runpip calls in reduce methods bypass picklescan detection and...

8.1CVSS0.00367EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.7 views

EUVD-2025-210302

picklescan before 0.0.30 affected versions 0.0.26 and earlier fails to detect the ensurepip.runpip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip.runpip calls in reduce methods bypass picklescan detection and...

8.1CVSS6.8AI score0.00367EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.10 views

CVE-2025-71344

CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in reduce can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.

8.1CVSS6.8AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.21 views

CVE-2025-71344 picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 affected versions 0.0.26 and earlier fails to detect the ensurepip.runpip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip.runpip calls in reduce methods bypass picklescan detection and...

8.1CVSS0.00367EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-29528

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
OSV
OSV
added 2025/08/26 9:34 p.m.6 views

GHSA-XP4F-HRF8-RXW7 Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.10 views

PT-2026-51384

Name of the Vulnerable Software and Affected Versions picklescan versions 0.0.26 and earlier Description The software fails to detect the ensurepip. run pip built-in function when scanning pickle files. Attackers can craft malicious pickle files by embedding calls to ensurepip. run pip within...

8.1CVSS6AI score0.00367EPSS
Exploits0References11
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/16 12:0 a.m.58 views

Security update for python3 (moderate)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2021:4104-1 Rating: moderate References: 1180125 1183374 1183858 1185588 1187668 1189241 1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 NVD : 5.7...

6.5CVSS6.7AI score0.11586EPSS
Exploits2References7
Rows per page
Query Builder