Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71373 picklescan - Remote Code Execution via operator.methodcaller Detection Bypass

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...

8.1CVSS0.00444EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.8 views

CVE-2025-71365

The CVE affects picklescan (before 0.0.33) where the detector fails to catch malicious pickle payloads that invoke numpy.f2py.crackfortran.myeval via the reduce method, allowing arbitrary code execution when loaded. Root cause: detection bypass in pickle loading path. Impact: remote code executio...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.11 views

CVE-2025-71351

CVE-2025-71351 affects picklescan prior to version 0.0.25. The vulnerability arises because timeit.timeit() calls used in the reduce method are not detected by the tool, allowing crafted pickle payloads to bypass detection and trigger remote code execution when pickle.load() is performed. Attacke...

7.6CVSS6.4AI score0.00418EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/29 10:44 p.m.9 views

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval

Summary Picklescan uses numpy.f2py.crackfortran.parameval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.parameval function via reduce method....

7.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/26 6:35 p.m.4 views

GHSA-G344-HCPH-8VGG Picklescan has a missing detection when calling built-in python trace.Trace.runctx

Summary Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00637EPSS
Exploits0References3
Rows per page
Query Builder