Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71372 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.getlincoef Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling...

8.1CVSS0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.10 views

CVE-2025-71339

Affected software/component: Picklescan (versions prior to 0.0.33). Vulnerability/gadget: The numpy.f2py.crackfortran._eval_length gadget in pickle reduce methods can bypass safety validation, enabling arbitrary code execution when loading crafted pickle files. Impact (as stated): Arbitrary Pytho...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.20 views

CVE-2025-71339 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/01 6:37 a.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scanner.py deserialization scanning logic. An attacker can achieve remote code execution by crafting ...

8.6CVSS6.7AI score
Exploits0References3
Rows per page
Query Builder