
6 matches found

CVE
added 6 hours ago, 4 views

CVE-2025-71372

Summary: CVE-2025-71372 affects Picklescan prior to 0.0.33. The vulnerability arises from failure to detect the numpy.f2py.crackfortran.getlincoef gadget within pickle reduce methods, enabling an attacker to craft malicious pickle files that execute arbitrary Python code when loaded and could poi...

CVSS 8.1, AI score 6.3
Exploits: 0, References: 2
NVD
added 2026/06/22 10:16 p.m., 9 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

CVSS 8.1, EPSS 0.00301
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/22 9:04 p.m., 4 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

CVSS 8.1, AI score 6.2, EPSS 0.00301
Exploits: 0, References: 3
EUVD
added 2026/06/22 9:04 p.m., 7 views

EUVD-2025-210301

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

CVSS 8.1, AI score 6.2, EPSS 0.00301
Exploits: 0, References: 2
OSV
added 2026/01/09 9:05 p.m., 2 views

GHSA-5HVC-6WX8-MVV4 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling's assessment: pydoc and ctypes were added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1). Original report summary: Both the ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like...

CVSS 9.3, AI score 5.9, EPSS 0.00346
Exploits: 0, References: 8
Github Security Blog
added 2025/12/30 3:18 p.m., 7 views

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef

Summary: Picklescan uses the numpy.f2py.crackfortran.getlincoef function, a NumPy F2PY helper, to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.getlincoef in reduce, allowing arbitrary command...

AI score 8
Exploits: 0, References: 5, Affected Software: 1