Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210417

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.22 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.4 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS6.1AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

7.6CVSS6.1AI score0.00248EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/24 5:45 a.m.7 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to using the getentity function to execute a remote pickle file, which allows an attacker to run arbitrary code...

7.5AI score
Exploits0
Veracode
Veracode
added 2025/09/22 9:41 a.m.6 views

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of AutoComplete.getentity to execute remote pickle files, which allows an attacker to run arbitrary code on the target system...

7.9AI score
Exploits0
OSV
OSV
added 2025/08/26 6:37 p.m.7 views

GHSA-6W4W-5W54-RJVR Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

Summary Using idlelib.autocomplete.AutoComplete.getentity, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.autocomplete.AutoComplete.getentity functio...

8.1CVSS7.9AI score0.00248EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.12 views

PT-2026-55673

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect malicious pickle files that utilize the idlelib.calltip.get entity function within reduce methods. This allows attackers to embed undetected code in pickle files, whi...

8.1CVSS6.6AI score0.003EPSS
Exploits0References11
Rows per page
Query Builder