Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-3989

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

7.8CVSS7.1AI score0.00334EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/12 12:30 p.m.9 views

SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

7.8CVSS5.9AI score0.00334EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/12 12:15 p.m.3 views

CVE-2026-3989

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

7.8CVSS0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/12 11:37 a.m.23 views

CVE-2026-3989 CVE-2026-3989

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 11:37 a.m.1 views

CVE-2026-3989

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

7.8CVSS5.9AI score0.00334EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/12 11:37 a.m.19 views

CVE-2026-3989

CVE-2026-3989 affects SGLangs replay_request_dump.py, where an insecure pickle.load() is used without validation. The underlying issue is improper deserialization, enabling execution of attacker-supplied code when a malicious .pkl file is provided to the script. The CVE’s metrics indicate a high-...

7.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

Boltz contains an insecure deserialization vulnerability in its molecule loading functionality

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...

8.4CVSS6.4AI score0.00143EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.27 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

0.00223EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 12:0 a.m.4 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

6.5CVSS6.4AI score0.00223EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 12:0 a.m.14 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation, allowing an attacker who can place a malicious pickle file in a reachable location to trigger arbitrary...

6.5CVSS8.1AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.18 views

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

9.8CVSS7.1AI score0.00365EPSS
Exploits2References1
OPENSUSE Linux
OPENSUSE Linux
added 2025/11/11 12:0 a.m.9 views

Security update for python-pdfminer.six (important)

openSUSE Security Update: Security update for python-pdfminer.six Announcement ID: openSUSE-SU-2025:0429-1 Rating: important References: 1253228 Cross-References: CVE-2025-64512 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:...

8.6CVSS7.2AI score0.00314EPSS
Exploits1References1
NVD
NVD
added 2025/11/10 10:15 p.m.4 views

CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

8.6CVSS0.00314EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5323

Malicious code in bioql PyPI...

9.8CVSS8.8AI score0.01592EPSS
Exploits2References5
Veracode
Veracode
added 2025/09/15 7:38 a.m.5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE.The vulnerability is due to insecure handling of pickle deserialization where the function can execute attacker-controlled reduce payloads and unsafe validation, which allows an attacker to achieve remote code execution by supplying a maliciou...

8.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.5 views

Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.8 views

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:36 p.m.5 views

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:35 p.m.1 views

GHSA-M869-42CG-3XWR Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.run.Executive.runcode function in reduce method...

8.1CVSS7.9AI score0.00427EPSS
Exploits0References3
OSV
OSV
added 2025/08/22 4:58 p.m.3 views

GHSA-VV6J-3G6G-2PVJ Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Summary Using torch.utils.configmodule.loadconfig function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.configmodule.loadconfig function in reduce...

8.1CVSS7.9AI score0.00397EPSS
Exploits1References5
Rows per page
Query Builder