
119 matches found

Snyk
added 2026/05/12 6:30 p.m. | 4 views

Deserialization of Untrusted Data

Overview: ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...

CVSS 9.8 | AI score 6.1 | EPSS 0.00513
Exploits 0 | References 2

RedhatCVE
added 2026/03/26 3:18 p.m. | 2 views

CVE-2026-3989

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 7.1 | EPSS 0.00033
Exploits 0 | References 1

EUVD
added 2026/03/12 12:30 p.m. | 1 views

EUVD-2026-11561

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

AI score 5.9 | EPSS 0.00033
Exploits 0 | References 3

OSV
added 2026/03/12 12:30 p.m. | 2 views

GHSA-HVWJ-8W5G-28RG: SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 6 | EPSS 0.00033
Exploits 0 | References 6

Github Security Blog
added 2026/03/12 12:30 p.m. | 4 views

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 6 | Affected Software 1

NVD
added 2026/03/12 12:15 p.m. | 1 views

CVE-2026-3989

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | EPSS 0.00033
Exploits 0 | References 4

ATTACKERKB
added 2026/03/12 11:37 a.m. | 0 views

CVE-2026-3989

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/03/12 11:37 a.m. | 3 views

CVE-2026-3989

SGLang's `replay_request_dump.py` is affected by CVE-2026-3989 due to an insecure `pickle.load()` without validation in the deserialization process. The vulnerability arises when a malicious .pkl file is provided, allowing attacker-controlled code execution on the device running the script. The descr...

CVSS 7.8 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 4

Cvelist
added 2026/03/12 11:37 a.m. | 20 views

CVE-2026-3989

SGLang's `replay_request_dump.py` contains an insecure `pickle.load()` without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

EPSS 0.00033
Exploits 0 | References 4

Packet Storm News
added 2026/02/23 12:0 a.m. | 1 views

SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models

Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution (RCE) risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...

AI score 6.6
Exploits 0

SUSE CVE
added 2026/02/04 12:26 a.m. | 3 views

SUSE CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 6.5 | AI score 7.9 | EPSS 0.00114
Exploits 0 | References 3

Github Security Blog
added 2026/02/03 6:30 p.m. | 5 views

Boltz contains an insecure deserialization vulnerability in its molecule loading functionality

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

CVSS 8.4 | AI score 6.4 | EPSS 0.00153
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/02/03 6:16 p.m. | 1 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 2

UbuntuCve
added 2026/02/03 6:16 p.m. | 1 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 6.5 | AI score 6.4 | EPSS 0.00114
Exploits 0 | References 4

Veracode
added 2026/02/03 1:4 p.m. | 3 views

Insecure Deserialization

Fickling is vulnerable to Insecure Deserialization. The vulnerability is due to missing marshal and types modules from the unsafe import block list, which allows an attacker to craft a malicious pickle file that bypasses Fickling’s analysis and executes arbitrary code when deserialized by a...

CVSS 8.5 | AI score 5.9 | EPSS 0.00044
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2026/02/03 12:0 a.m. | 23 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

EPSS 0.00114
Exploits 0 | References 2

CVE
added 2026/02/03 12:0 a.m. | 6 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation, allowing an attacker who can place a malicious pickle file in a reachable location to trigger arbitrary...

CVSS 6.5 | AI score 8.1 | EPSS 0.00114
Exploits 0 | References 2

Positive Technologies
added 2026/02/03 12:0 a.m. | 4 views

PT-2026-5985

Name of the Vulnerable Software and Affected Versions: Boltz version 2.0.0. Description: The software contains an insecure deserialization issue in its molecule loading functionality. It utilizes Python pickle to deserialize molecule data files without proper validation. An attacker capable of placi...

CVSS 8.4 | AI score 6.3 | EPSS 0.00153
Exploits 0 | References 8

ATTACKERKB
added 2026/02/03 12:0 a.m. | 1 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 8.6 | AI score 6.4 | EPSS 0.00119
Exploits 1 | References 3

Veracode
added 2026/01/20 11:54 a.m. | 4 views

Insecure Deserialization

Fickling is vulnerable to Insecure Deserialization. The vulnerability is due to Fickling not treating Python’s runpy module as unsafe, which allows an attacker to craft a malicious pickle using `runpy.run_path` or `runpy.run_module` that is misclassified as suspicious rather than overtly malicious,...

CVSS 9.3 | AI score 6 | EPSS 0.00101
Exploits 1 | References 6 | Affected Software 1