2338 matches found
EUVD-2025-210391
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2025-71371
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2025-71371
CVE-2025-71371 affects picklescan
PT-2026-54011
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect malicious pickle files that utilize the code.InteractiveInterpreter.runcode function within reduce methods. This allows attackers to craft pickle payloads that bypass...
EulerOS 2.0 SP15 : kernel (EulerOS-SA-2026-2444)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 bpf: Fix undefined behavior in interpreter sdiv/smod for INTMINCVE-2026-31525...
GHSA-M34P-749J-X6M6 js-toml has silent type confusion via falsy-primitive duplicate-key bypass
Summary js-toml's interpreter checks whether a key already exists in a parser-built container with if objectkey instead of if key in object. When the prior value is a falsy primitive — false, 0, 0n, 0.0, -0, or "" — the duplicate-key branch is skipped and the value is silently overwritten by a...
CVE-2026-48778
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...
EUVD-2025-210344
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...
CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...
PT-2026-52617
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...
ROS-20260623-73-0043
The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
ROS-20260623-73-0046
The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
ROS-20260623-73-0042
The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the runcommand function of idlelib.pyshell.ModifiedInterpreter when handling pickle files in reduce method...
CVE-2025-71357
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
CVE-2025-71357 picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
EUVD-2026-37802
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...
Astra Linux – Vulnerability in GhostScript
In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...