Lucene search
K

12 matches found

CVE
CVE
added yesterday4 views

CVE-2025-71371

CVE-2025-71371 affects picklescan

8.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
CVE
CVE
added last week9 views

CVE-2025-71354

Summary: CVE-2025-71354 affects the Python package picklescan (prior to 0.0.29) via the idlelib.debugobj.ObjectTreeItem.SetText reduce path, allowing crafted pickle payloads to bypass detection and cause arbitrary code execution when pickle.load() is used. Affected software: picklescan (versions ...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.10 views

CVE-2025-71357

CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...

8.1CVSS6AI score0.00276EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/03 8:5 p.m.4 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary commands on the target system by crafting...

10CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22609

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS8.1AI score0.00554EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.2 views

CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS7.8AI score0.00554EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.5 views

PT-2026-2229

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe imports method within Fickling’s static analyzer does not identify several high-risk Python modules...

9.3CVSS7.7AI score0.00554EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.11 views

PT-2026-51216

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that utilize the idlelib.pyshell.ModifiedInterpreter.runcommand function within reduce methods. This allows attackers to embed undetected code ...

8.1CVSS6.5AI score0.00276EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2005/09/17 12:0 a.m.14 views

GLSA-200509-09 : Py2Play: Remote execution of arbitrary Python code

The remote host is affected by the vulnerability described in GLSA-200509-09 Py2Play: Remote execution of arbitrary Python code Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code...

7.5CVSS6.2AI score0.0189EPSS
Exploits0References2
Rows per page
Query Builder