9 matches found

NVD
added 2026/06/21 2:16 p.m. | 10 views

CVE-2025-71357

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1 | EPSS 0.00276
Exploits: 1 | References: 2
EUVD
added 2026/06/21 1:26 p.m. | 7 views

EUVD-2025-210293

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1 | AI score 6 | EPSS 0.00276
Exploits: 1 | References: 2
Cvelist
added 2026/06/21 1:26 p.m. | 30 views

CVE-2025-71357 picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1 | EPSS 0.00276
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-29495

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 | References: 3
OSV
added 2025/08/26 9:36 p.m. | 3 views

GHSA-J343-8V2J-FF7W Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary: Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in Python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

CVSS 8.1 | AI score 7.9 | EPSS 0.00276
Exploits: 1 | References: 3
OSV
added 2025/08/26 6:37 p.m. | 1 views

GHSA-7CQ8-MJ8X-J263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Summary: Using idlelib.autocomplete.AutoComplete.fetch_completions, which is a built-in Python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...

AI score 7.9
Exploits: 0 | References: 3
OSV
added 2025/08/26 6:37 p.m. | 6 views

GHSA-6W4W-5W54-RJVR Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

Summary: Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in Python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to idlelib.autocomplete.AutoComplete.get_entity functio...

CVSS 8.1 | AI score 7.9 | EPSS 0.00248
Exploits: 0 | References: 3
OSV
added 2025/08/26 6:36 p.m. | 1 views

GHSA-3VG9-H568-4W9M Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

Summary: Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in Python library function to execute remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in...

CVSS 8.1 | AI score 7.9 | EPSS 0.00253
Exploits: 0 | References: 3
Positive Technologies
added 2025/08/26 12:0 a.m. | 11 views

PT-2026-51385

Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 0.0.29. Description: An issue exists where the software fails to detect malicious pickle files that utilize the get entity function within the idlelib.autocomplete.AutoComplete module in reduce methods. This allows...

CVSS 8.1 | AI score 6.3 | EPSS 0.00248
Exploits: 0 | References: 8