Lucene search
K

8 matches found

NVD
NVD
added 2026/06/17 5:16 p.m.17 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS0.00475EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.18 views

CVE-2025-71325 picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS0.00475EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 6:17 p.m.66 views

CVE-2026-47750

The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...

7.8CVSS5.8AI score0.0018EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/16 6:17 p.m.22 views

CVE-2026-47750 stable-diffusion.cpp: Heap buffer overflow in GLOBAL opcode parsing for PyTorch checkpoint files

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS0.0018EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49830

Name of the Vulnerable Software and Affected Versions stable-diffusion.cpp versions prior to master-584-0a7ae07 Description The pickle .ckpt parser in src/model.cpp contains a heap buffer overflow in the GLOBAL opcode handler. This occurs due to missing validation when searching for...

7.8CVSS6AI score0.0018EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/11/25 11:15 p.m.4 views

CVE-2025-64713

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...

7.4CVSS6.9AI score0.00284EPSS
Exploits1References2
NVD
NVD
added 2025/11/25 11:15 p.m.4 views

CVE-2025-64713

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When framerefbottom and frameoffsetbottom arrays are at capacity and a GETGLOBALI32...

7.4CVSS0.00284EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/12 12:13 a.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the STACKGLOBAL opcode parsing process. An attacker can bypass detection mechanisms by crafting a malicio...

9.6CVSS7AI score
Exploits0References2
Rows per page
Query Builder