CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS

Exploits0References2

Cvelist•added 3 days ago•21 views

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

8.1CVSS0.003EPSS

Exploits0References2

CVE•added 3 days ago•10 views

CVE-2025-71340

CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via reduce , allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...

8.1CVSS6.1AI score0.003EPSS

Exploits0References2

NVD•added 4 days ago•7 views

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1CVSS0.00253EPSS

Exploits0References2

NVD•added 4 days ago•4 views

CVE-2025-71361

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetchtip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load...

8.1CVSS0.00339EPSS

Exploits0References2

Cvelist•added 4 days ago•31 views

CVE-2025-71361 picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip

8.1CVSS0.00339EPSS

Exploits0References2

CVE•added 4 days ago•6 views

CVE-2025-71361

CVE-2025-71361 affects the Python package picklescan, specifically versions prior to 0.0.29. The issue is that picklescan fails to detect malicious calls to idlelib.calltip.Calltip.fetch_tip embedded in pickle files, enabling remote code execution when a pickle is loaded (pickle.load()). The CVSS...

8.1CVSS6.4AI score0.00339EPSS

Exploits0References2

EUVD•added 4 days ago•6 views

EUVD-2025-210328

8.1CVSS6.4AI score0.00339EPSS

Exploits0References2

EUVD•added 4 days ago•6 views

EUVD-2025-210327

8.1CVSS6.1AI score0.00253EPSS

Exploits0References2

CVE•added 4 days ago•8 views

CVE-2025-71354

Summary: CVE-2025-71354 affects the Python package picklescan (prior to 0.0.29) via the idlelib.debugobj.ObjectTreeItem.SetText reduce path, allowing crafted pickle payloads to bypass detection and cause arbitrary code execution when pickle.load() is used. Affected software: picklescan (versions ...

8.1CVSS6.1AI score0.00253EPSS

Exploits0References2

NVD•added 5 days ago•8 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS

Exploits0References2

Cvelist•added 5 days ago•30 views

CVE-2025-71376 picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

8.1CVSS0.003EPSS

Exploits0References2

CVE•added 5 days ago•11 views

CVE-2025-71376

CVE-2025-71376 affects the Python package picklescan prior to 0.0.29. The vulnerability arises because idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods is not detected, allowing attackers to embed code in pickle files that executes arbitrary commands when loaded by victims. T...

8.1CVSS6.1AI score0.003EPSS

Exploits0References2

EUVD•added 5 days ago•6 views

EUVD-2025-210308

8.1CVSS6.1AI score0.003EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•5 views

CVE-2025-71376

8.1CVSS6.1AI score0.003EPSS

Exploits0References3

NVD•added 6 days ago•5 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS

Exploits0References2

Cvelist•added 6 days ago•18 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

8.1CVSS0.00248EPSS

Exploits0References2

CVE•added 6 days ago•11 views

CVE-2025-71358

CVE-2025-71358 concerns the Python tool picklescan (pre-0.0.29) failing to detect malicious pickle payloads that exploit the function idlelib.autocomplete.AutoComplete.get_entity in reduce methods. When a crafted pickle is loaded with pickle.load(), arbitrary commands can execute, enabling remote...

8.1CVSS6.1AI score0.00248EPSS

Exploits0References2

Snyk•added last week•3 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the runcommand function of idlelib.pyshell.ModifiedInterpreter when handling pickle files in reduce method...

9.6CVSS6.2AI score0.00276EPSS

Exploits1References2

CVE•added last week•10 views

CVE-2025-71357

CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...

8.1CVSS6AI score0.00276EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by