Lucene search
+L

12 matches found

nessus
nessus
added 2026/07/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders...

7.5CVSS6.4AI score0.00317EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.19 views

PT-2026-55704

Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...

8.8CVSS6.2AI score0.00342EPSS
Exploits1References12
githubexploit
githubexploit
added 2026/02/15 12:22 p.m.168 views

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

6.3AI score
Exploits0
githubexploit
githubexploit
added 2026/02/15 12:16 p.m.170 views

modelscan-bypass-poc

⚠️ ModelScan Bypass PoC — Security Research WARNING: This...

6.3AI score
Exploits0
veracode
veracode
added 2025/09/24 6:0 a.m.7 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...

7.7AI score
Exploits0
veracode
veracode
added 2025/09/23 9:1 a.m.7 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runautogradprof function to execute remote pickle files, which allows an attacker to run arbitrary code on the system...

8AI score
Exploits0
veracode
veracode
added 2025/09/16 6:10 a.m.5 views

Insecure Deserialization

picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.utils.collectenv.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...

7.7AI score
Exploits0
veracode
veracode
added 2025/09/15 7:20 a.m.6 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runcprofile function to execute remote pickle files, which allows an attacker to run arbitrary code...

7.5AI score
Exploits0
github
github
added 2025/08/26 9:36 p.m.6 views

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
github
github
added 2025/08/26 9:34 p.m.11 views

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3Affected Software1
ossf
ossf
added 2024/10/08 10:29 a.m.8 views

Malicious code in fake-usreagant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...

7.1AI score
Exploits0References1
osv
osv
added 2024/10/08 10:29 a.m.13 views

MAL-2024-12270 Malicious code in fake-usreagant (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...

7AI score
Exploits0References1
Rows per page
Query Builder