Lucene search
K

557 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1013 Seg fault in `ndarray_tensor_bridge` due to zero and large inputs

Impact If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. E.g. the following raises an error: python np.ones0, 231, 231 An example of a proof of concept: python import numpy as np import tensorflow as tf inputval =...

4.8CVSS5.9AI score0.0033EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/05 12:28 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 3:11 a.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran process. An attacker can execute arbitrary code by crafting malicious pickle...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71372 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.14 views

CVE-2025-71362

The vulnerability CVE-2025-71362 affects the Python tool picklescan prior to version 0.0.33. It fails to detect unsafe deserialization when numpy.f2py.crackfortran calls eval on arbitrary strings, allowing an attacker to embed malicious code in pickle files that executes upon loading from untrust...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.35 views

CVE-2025-71347 picklescan - Undetected Remote Code Execution via numpy.f2py.crackfortran.param_eval

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS0.00445EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.23 views

CVE-2025-71347

The vulnerability concerns picklescan prior to 0.0.33, which fails to detect malicious pickle files that rely on numpy.f2py.crackfortran.param_eval in reduce methods. This allows remote attackers to embed code that executes during deserialization in applications that load untrusted pickle data, e...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2025-210388

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71355

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS0.00552EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2025-71355 Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS0.00552EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.15 views

CVE-2025-71355

CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54008

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.25 Description Picklescan fails to detect unsafe global functions within the Numpy library, which allows attackers to bypass static analysis. This issue enables the execution of arbitrary code during...

7.6CVSS6.4AI score0.00552EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 1:16 p.m.13 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.33 views

CVE-2025-71365 picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.11 views

CVE-2025-71365

The CVE affects picklescan (before 0.0.33) where the detector fails to catch malicious pickle payloads that invoke numpy.f2py.crackfortran.myeval via the reduce method, allowing arbitrary code execution when loaded. Root cause: detection bypass in pickle loading path. Impact: remote code executio...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.8 views

EUVD-2025-210306

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
Rows per page
Query Builder