8 matches found

ATTACKERKB, added 21 hours ago

CVE-2025-71372

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

CVSS 8.1, AI score 6.3
Exploits: 0, References: 3

CVE, added 21 hours ago

CVE-2025-71372

Summary: CVE-2025-71372 affects Picklescan prior to 0.0.33. The vulnerability arises from failure to detect the numpy.f2py.crackfortran.getlincoef gadget within pickle reduce methods, enabling an attacker to craft malicious pickle files that execute arbitrary Python code when loaded and could poi...

CVSS 8.1, AI score 6.3
Exploits: 0, References: 2

Github Security Blog, added 2025/12/30 3:18 p.m.

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary: A malicious pickle can use the numpy.f2py.crackfortran.getlincoef function, a NumPy F2PY helper, to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

AI score 8
Exploits: 0, References: 5, Affected software: 1

Snyk, added 2025/12/30 3:18 p.m.

Deserialization of Untrusted Data

Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getlincoef function. An attacker can execute arbitrary code by crafting a malicious pickle file that...

CVSS 8.4, AI score 6.2
Exploits: 0, References: 3

EUVD, added 2025/12/30 3:18 p.m.

EUVD-2025-205782

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef...

AI score 6.4
Exploits: 0, References: 5

OSV, added 2025/12/30 3:18 p.m.

GHSA-RRXM-2PVV-M66X: Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary: A malicious pickle can use the numpy.f2py.crackfortran.getlincoef function, a NumPy F2PY helper, to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

CVSS 9.2, AI score 7.8
Exploits: 0, References: 5

Github Security Blog, added 2025/12/29 3:27 p.m.

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary: An unsafe deserialization vulnerability allows an attacker to execute arbitrary code on the host when loading a malicious pickle payload from an untrusted source. Details: The numpy.f2py.crackfortran module exposes many functions that call eval on arbitrary strings of values. This is the...

AI score 7.8
Exploits: 0, References: 5, Affected software: 1
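The advisories above all describe the same gap: picklescan before 0.0.33 checked the globals a pickle imports against a list of known-bad callables, and numpy.f2py.crackfortran.getlincoef (a helper that evals strings handed to it) was not on that list, so a pickle whose reduce call targets it passed the scan. The script below is an added example written for this page, not picklescan's own code. It hand-assembles such a pickle from opcodes (the target module is never imported and nothing is unpickled), lists the globals the pickle would import using pickletools, and then runs three checks over it: a blocklist that lacks the gadget, the same blocklist with the gadget added, and a strict allowlist that flags every import the loader has not approved. The blocklist and allowlist contents, the simplified stack tracking, and the placeholder argument string are illustrative assumptions.

```python
"""Added example (not picklescan's own code): walk a pickle's opcodes with
pickletools, list the globals it would import, and compare a blocklist check
that lacks the getlincoef gadget with one that has it and with a strict
allowlist. Nothing here unpickles the sample."""
import pickle
import pickletools

# Opcodes whose argument is a string literal pushed on the stack. STACK_GLOBAL
# (protocol 4+) takes the module and attribute name from the top two of these.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}


def build_gadget_pickle(module: str, name: str, args: tuple) -> bytes:
    """Hand-assemble a protocol-2 pickle that would call module.name(*args)
    on load. Built byte by byte so the target module is never imported."""
    out = bytearray(b"\x80\x02")                                   # PROTO 2
    out += b"c" + module.encode() + b"\n" + name.encode() + b"\n"  # GLOBAL
    out += b"("                                                    # MARK
    for arg in args:
        raw = arg.encode("utf-8")
        out += b"X" + len(raw).to_bytes(4, "little") + raw         # BINUNICODE
    out += b"t"                                                    # TUPLE (call args)
    out += b"R."                                                   # REDUCE, STOP
    return bytes(out)


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import, from GLOBAL/INST
    opcodes and from STACK_GLOBAL, without executing anything.
    Simplification (assumption): only string constants are tracked on the
    stack, which is enough for pickles written by the standard pickler."""
    found = []
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without module/name strings")
            name = strings.pop()
            module = strings.pop()
            found.append((module, name))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


def scan_blocklist(data: bytes, blocklist: set) -> list[str]:
    """Blocklist check: flag only dotted names that are already known bad."""
    return [f"{m}.{n}" for m, n in extract_globals(data) if f"{m}.{n}" in blocklist]


def scan_allowlist(data: bytes, allowlist: set) -> list[str]:
    """Allowlist check: flag every import the loader has not explicitly approved."""
    return [f"{m}.{n}" for m, n in extract_globals(data) if f"{m}.{n}" not in allowlist]


# Illustrative lists (assumption), not picklescan's real tables.
OLD_BLOCKLIST = {"builtins.eval", "builtins.exec", "os.system", "subprocess.Popen"}
NEW_BLOCKLIST = OLD_BLOCKLIST | {"numpy.f2py.crackfortran.getlincoef"}
SAFE_GLOBALS = {"collections.OrderedDict", "numpy.core.multiarray._reconstruct"}

# Constructed sample: a REDUCE that calls the gadget named in the advisories.
# The single string argument is a placeholder for the attacker's expression.
SAMPLE_GADGET = build_gadget_pickle(
    "numpy.f2py.crackfortran", "getlincoef", ("ATTACKER_CONTROLLED_EXPRESSION",))
# Benign comparison inputs produced by the standard pickler.
BENIGN_DICT = pickle.dumps({"a": 1})          # imports nothing
BENIGN_FUNC = pickle.dumps(pickletools.dis)   # STACK_GLOBAL for pickletools.dis

if __name__ == "__main__":
    print("imports      :", extract_globals(SAMPLE_GADGET))
    print("old blocklist:", scan_blocklist(SAMPLE_GADGET, OLD_BLOCKLIST))
    print("new blocklist:", scan_blocklist(SAMPLE_GADGET, NEW_BLOCKLIST))
    print("allowlist    :", scan_allowlist(SAMPLE_GADGET, SAFE_GLOBALS))
```

The old blocklist returns nothing for the sample, which is the behaviour the advisories describe; adding the dotted name fixes that one gadget, but any other eval-calling helper in numpy.f2py.crackfortran (the GitHub advisory notes there are many) would need its own entry. The allowlist flags the sample without knowing about it in advance, at the cost of having to enumerate the globals a given model format legitimately needs. Either way, the scanner only reads opcodes; a pickle that is loaded without being scanned is still a code-execution primitive.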
EUVD, added 2025/12/29 3:27 p.m.

EUVD-2025-205587

Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef...

AI score 6.4
Exploits: 0, References: 5