Lucene search
K

17 matches found

EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210419

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71364

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References3
OSV
OSV
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71364 picklescan - Arbitrary Code Execution via Undetected asyncio.unix_events._UnixSubprocessTransport._start

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

7.6CVSS6.5AI score0.00555EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2025-210387

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS6.1AI score0.00637EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2025-210389

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS6.5AI score0.00585EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2025-71374 picklescan - Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon...

8.1CVSS0.00638EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2025-71352 picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.18 views

PT-2026-54007

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python trace.Trace.runctx function when it is used within pickle file reduce methods. This allows remote attackers to craft malicious pickle files...

8.1CVSS6.2AI score0.00637EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.19 views

CVE-2025-71339 Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.10 views

CVE-2025-71344

CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in reduce can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.

8.1CVSS6.8AI score0.00367EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.12 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS0.00338EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.7 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/21 1:26 p.m.5 views

EUVD-2025-210294

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References2
CVE
CVE
added 2026/06/21 1:26 p.m.15 views

CVE-2025-71378

The CVE-2025-71378 entry concerns picklescan before 0.0.30 failing to detect cProfile.runctx calls in pickle file reduce methods. This allows a attacker-supplied, malicious pickle file to execute arbitrary code when loaded via pickle.load(), i.e., a remote code execution scenario. The issue is de...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.14 views

PT-2026-55679

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran.getlincoef gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code upo...

9.2CVSS6.2AI score0.00379EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.22 views

PT-2026-51383

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References14
Rows per page
Query Builder