Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/23 12:12 p.m.8 views

EUVD-2025-210308

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.34 views

CVE-2025-71376 picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.17 views

CVE-2025-71376

CVE-2025-71376 affects the Python package picklescan prior to 0.0.29. The vulnerability arises because idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods is not detected, allowing attackers to embed code in pickle files that executes arbitrary commands when loaded by victims. T...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29458

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Veracode
Veracode
added 2025/09/22 9:40 a.m.7 views

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.fetchcompletions executing remote pickle files, which allows an attacker to run arbitrary code on the system...

7.7AI score
Exploits0
OSV
OSV
added 2025/08/26 6:37 p.m.2 views

GHSA-7CQ8-MJ8X-J263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Summary Using idlelib.autocomplete.AutoComplete.fetchcompletions, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

8.1CVSS7.9AI score0.003EPSS
Exploits0References3
Rows per page
Query Builder