Lucene search
+L

97 matches found

Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.2 views

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS7.8AI score0.00554EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/10 1:35 a.m.34 views

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS0.00554EPSS
Exploits1References6
OSV
OSV
added 2026/01/10 1:35 a.m.6 views

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS7.9AI score0.00554EPSS
Exploits1References8
CVE
CVE
added 2026/01/10 1:35 a.m.20 views

CVE-2026-22608

CVE-2026-22608 (Fickling) affects the Python tool Fickling (pickling decompiler/static analyzer). Before version 0.1.7, ctypes and pydoc were not explicitly blocked, allowing chaining (via pydoc.locate to get ctypes.windll.kernel32.WinExec) to achieve remote code execution while the file is repor...

9.3CVSS6.5AI score0.00346EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/01/10 1:35 a.m.33 views

CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS0.00346EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/10 1:35 a.m.5 views

EUVD-2026-1686

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS6.4AI score0.00346EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.4 views

CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS6.5AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 1:35 a.m.8 views

CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS6.7AI score0.00346EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/10 1:35 a.m.28 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS0.0044EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.3 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS6.8AI score0.0044EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/10 1:35 a.m.3 views

EUVD-2026-1687

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS6.6AI score0.0044EPSS
Exploits1References10
CVE
CVE
added 2026/01/10 1:35 a.m.18 views

CVE-2026-22607

Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...

9.3CVSS6.8AI score0.0044EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/10 1:35 a.m.5 views

CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS7AI score0.0044EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/10 1:35 a.m.24 views

CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

9.3CVSS0.00425EPSS
Exploits1References3
CVE
CVE
added 2026/01/10 1:35 a.m.23 views

CVE-2026-22606

CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...

9.3CVSS6.8AI score0.00425EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.1 views

CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

9.3CVSS6.8AI score0.00425EPSS
Exploits1References3
OSV
OSV
added 2026/01/10 1:35 a.m.5 views

CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

9.3CVSS7AI score0.00425EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. Fickling 0.1.7 before the version of the code problem vulnerability , the vulnerability stems from the existence of detection blindness to the builder module , which may lead to detection bypass...

9.3CVSS6.7AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.8 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the cProfile module as insecure, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.0044EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.00425EPSS
Exploits1References3
Rows per page
Query Builder