Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

130 matches found

Github Security Blog
Github Security Blogadded last week7 views

Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

9.8CVSS6AI score0.00519EPSS
Exploits0References4Affected Software1
NVD
NVDadded last week10 views

CVE-2026-53874

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS0.00519EPSS
Exploits0References2
EUVD
EUVDadded last week5 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
CVE
CVEadded last week10 views

CVE-2026-53874

CVE-2026-53874 affects picklescan up to version 1.0.0, with an unsafe deserialization flaw that allows unauthenticated users to execute arbitrary code by hiding eval calls under callable objects via getattr. When a pickle is loaded from an untrusted source, malicious code embedded in the pickle c...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/17 12:0 a.m.10 views

PT-2026-50468

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References4
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Actions must be defined for the new timedeleg FATTR4 attributes. NFSv4 clients will not send legitimate GETATTR requests for these new attributes, as they are intended to be used only with CBGETATTR and SETATTR. However,...

5.5AI score0.00148EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: Fixed the reference count leak in smb2open. When ksmbdvfsgetattr fails, the reference count of ksmbdfile must be released...

5.5CVSS5.2AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed dynamic root getattr The recent patch to modify afagetattr to consult the server did not take into account the pseudo-inodes used by the dynamic root-type afa superblock. As a result, there was no way for the superbloc...

5.5CVSS5.5AI score0.00283EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: The fs subsystem should pass the ATGETATTRNOSEC flag to the getattr interface function. When the vfsgetattrnosec function calls the getattr interface of a file system, the nosec flag should be propagated into this function, so th...

5.5CVSS5.4AI score0.00208EPSS
Exploits0References2
Veracode
Veracodeadded 2026/04/11 5:30 a.m.6 views

Arbitrary Code Execution

Lupa is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent enforcement of attributefilter when attributes are accessed via built-in functions like getattr and setattr, allowing attackers to bypass restrictions and potentially achieve arbitrary code execution...

10CVSS6.1AI score0.00515EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/04/07 3:48 p.m.2 views

EUVD-2026-19346

Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...

7.9CVSS5.9AI score0.00515EPSS
Exploits1References2
OSV
OSVadded 2026/04/07 3:48 p.m.4 views

GHSA-69V7-XPR6-6GJM Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00515EPSS
Exploits1References3
Snyk
Snykadded 2026/04/07 3:48 p.m.3 views

Arbitrary Code Injection

Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...

10CVSS6.1AI score0.00515EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/04/07 3:48 p.m.5 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00515EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/06 7:52 p.m.6 views

CVE-2026-34444

A flaw was found in Lupa, a tool that integrates Lua or LuaJIT2 runtimes into CPython. An attacker can exploit this vulnerability by bypassing attribute filtering mechanisms when accessing attributes through built-in functions like getattr and setattr. This inconsistency in applying security...

10CVSS6AI score0.00515EPSS
Exploits1References4
OSV
OSVadded 2026/04/06 4:16 p.m.3 views

DEBIAN-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00515EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/04/06 4:16 p.m.0 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00515EPSS
Exploits1References2
CVE
CVEadded 2026/04/06 3:30 p.m.12 views

CVE-2026-34444

CVE-2026-34444 affects Lupa (Lua/LuaJIT2 runtimes integrated into CPython). The attribute_filter is not consistently applied when attributes are accessed via built-in functions like getattr/setattr, allowing bypass of restrictions and potentially arbitrary code execution. Documented in multiple s...

10CVSS6.2AI score0.00515EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/04/06 3:30 p.m.26 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

7.9CVSS0.00515EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/06 3:30 p.m.3 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

7.9CVSS6.2AI score0.00515EPSS
Exploits1References1
Rows per page
Query Builder