Lucene search
K

37 matches found

Snyk
Snyk
added 2026/07/04 3:11 a.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran process. An attacker can execute arbitrary code by crafting malicious pickle...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.40 views

CVE-2025-71372 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.31 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.14 views

CVE-2025-71362

The vulnerability CVE-2025-71362 affects the Python tool picklescan prior to version 0.0.33. It fails to detect unsafe deserialization when numpy.f2py.crackfortran calls eval on arbitrary strings, allowing an attacker to embed malicious code in pickle files that executes upon loading from untrust...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.24 views

CVE-2025-71347

The vulnerability concerns picklescan prior to 0.0.33, which fails to detect malicious pickle files that rely on numpy.f2py.crackfortran.param_eval in reduce methods. This allows remote attackers to embed code that executes during deserialization in applications that load untrusted pickle data, e...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.14 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:12 p.m.9 views

EUVD-2025-210306

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.13 views

CVE-2025-71365

The CVE affects picklescan (before 0.0.33) where the detector fails to catch malicious pickle payloads that invoke numpy.f2py.crackfortran.myeval via the reduce method, allowing arbitrary code execution when loaded. Root cause: detection bypass in pickle loading path. Impact: remote code executio...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.12 views

CVE-2025-71339

Affected software/component: Picklescan (versions prior to 0.0.33). Vulnerability/gadget: The numpy.f2py.crackfortran._eval_length gadget in pickle reduce methods can bypass safety validation, enabling arbitrary code execution when loading crafted pickle files. Impact (as stated): Arbitrary Pytho...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.21 views

CVE-2025-71339 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/01 6:37 a.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scanner.py deserialization scanning logic. An attacker can achieve remote code execution by crafting ...

8.6CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2025/12/30 3:20 p.m.4 views

GHSA-6556-FWC2-FG2P Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...

7.6CVSS7.8AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 2025/12/30 3:18 p.m.8 views

GHSA-RRXM-2PVV-M66X Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary Picklescan uses the numpy.f2py.crackfortran.getlincoef function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

9.2CVSS7.8AI score0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/30 3:18 p.m.5 views

EUVD-2025-205782

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef...

6.4AI score
Exploits0References5
Snyk
Snyk
added 2025/12/29 10:44 p.m.2 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via using the numpy.f2py.crackfortran.parameval function. An attacker can execute arbitrary code by crafting ...

8.4CVSS7.7AI score
Exploits0References3
EUVD
EUVD
added 2025/12/29 10:44 p.m.5 views

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

6.4AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/29 10:44 p.m.9 views

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.parameval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.parameval function via reduce method....

7.9AI score
Exploits0References5Affected Software1
Rows per page
Query Builder