12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders...
PT-2026-55704
Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...
modelscan-bypass-poc
⚠️ ModelScan Bypass PoC — Security Research WARNING: This...
modelscan-bypass-poc
⚠️ ModelScan Bypass PoC — Security Research WARNING: This...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to executing remote pickle files using profile.Profile.run, which allows an attacker to run arbitrary code on the system...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runautogradprof function to execute remote pickle files, which allows an attacker to run arbitrary code on the system...
Insecure Deserialization
picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.utils.collectenv.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runcprofile function to execute remote pickle files, which allows an attacker to run arbitrary code...
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
Picklescan is missing detection when calling built-in python ensurepip._run_pip
Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...
Malicious code in fake-usreagant (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...
MAL-2024-12270 Malicious code in fake-usreagant (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ef713dc551a4b2eb9b0c94b270f4c214aa90e688076e15bb263b3bb5f3b8484b Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains ...