Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/30 10:8 p.m.21 views

CVE-2025-71355 Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS0.00552EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2025-71355

CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References2
0day.today
0day.today
added 2025/03/13 12:0 a.m.243 views

asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/03/12 12:0 a.m.300 views

asteval 1.06 Arbitrary Code Execution / Sandbox Escape

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

8.1AI score
Exploits0
Rows per page
Query Builder