7 matches found
CVE-2025-71358
picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...
CVE-2025-71358
CVE-2025-71358 concerns the Python tool picklescan (pre-0.0.29) failing to detect malicious pickle payloads that exploit the function idlelib.autocomplete.AutoComplete.get_entity in reduce methods. When a crafted pickle is loaded with pickle.load(), arbitrary commands can execute, enabling remote...
EUVD-2025-210303
picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...
EUVD-2025-29469
Malicious code in bioql PyPI...
EUVD-2025-29454
Malicious code in bioql PyPI...
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
Summary: Using the idlelib.calltip.get_entity function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the idlelib.calltip.get_entity function in the reduce method. Then whe...
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
Summary: Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the idlelib.autocomplete.AutoComplete.get_entity functio...