Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/17 3:5 p.m.7 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/30 3:24 p.m.123 views

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Summary Picklescan uses operator.attrgetter, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the reduce method. - Then,...

7.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/29 10:44 p.m.6 views

GHSA-CFFC-MXRF-MHH4 Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.parameval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.parameval function via reduce method....

7.7AI score
Exploits0References5
OSV
OSV
added 2025/12/29 8:4 p.m.3 views

GHSA-3329-GHMP-JMV5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

8.7CVSS7.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/26 9:40 p.m.7 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:34 p.m.10 views

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 9:25 p.m.5 views

Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof

Summary Using torch.utils.bottleneck.\main\.runautogradprof function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runautogradprof...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.10 views

Picklescan has a missing detection when calling built-in python profile.Profile.run

Summary Using profile.Profile.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.run function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.8 views

Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.runctx function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/22 4:56 p.m.3 views

GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

7.9AI score
Exploits0References5
Rows per page
Query Builder