Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2025-71368 picklescan - Arbitrary Code Execution via Undetected doctest.debug_script

picklescan before 0.0.30 fails to detect the doctest.debugscript function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debugscript calls that bypass picklescan detection and execute arbitrary command...

8.1CVSS0.00769EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.8 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
Veracode
Veracode
added 2026/01/20 10:46 a.m.6 views

Remote Code Execution (RCE)

fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...

9.3CVSS5.9AI score0.00346EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/12/16 12:39 a.m.8 views

EUVD-2025-203478

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...

8.5CVSS6.3AI score0.00235EPSS
Exploits1References4
Rows per page
Query Builder