Lucene search
+L

4 matches found

cve
cve
added 2026/07/04 1:23 a.m.23 views

CVE-2025-71342

CVE-2025-71342 affects picklescan prior to 0.0.30, which fails to detect malicious pickle files that use idlelib.run.Executive.runcode in reduce methods. This can allow code embedded in pickle files to execute during pickle.load, enabling remote code execution in PyTorch models and related supply...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
cve
cve
added 2026/06/25 9:41 p.m.19 views

CVE-2025-71340

CVE-2025-71340 affects the picklescan tool up to version 0.0.26, where malicious pickle files can invoke idlelib.pyshell.ModifiedInterpreter.runcode via reduce , allowing code execution when loaded with pickle.load(). This enables supply‑chain attacks on PyTorch models and saved Python objects. T...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
veracode
veracode
added 2025/09/24 6:35 a.m.7 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to the idlelib.run.Executive.runcode function executing arbitrary pickle files, which allows an attacker to run malicious code remotely...

7.8AI score
Exploits0
github
github
added 2025/08/26 9:35 p.m.8 views

Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.run.Executive.runcode function in reduce method...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder