Lucene search
K

4 matches found

NVD
NVD
added 2026/03/20 8:16 p.m.4 views

CVE-2026-33139

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis...

8.3CVSS0.00169EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22607

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/10 1:35 a.m.4 views

CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...

9.3CVSS6.5AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 1:35 a.m.5 views

CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...

9.3CVSS7AI score0.00425EPSS
Exploits1References5
Rows per page
Query Builder