4 matches found
CVE-2025-71325
picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...
CVE-2025-71325 picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw
picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...
Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this...
EUVD-2025-29466
Malicious code in bioql PyPI...