Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51510

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description The software fails to block at least seven Python standard library modules, including uuid, osx support, aix support, pyrepl.pager, and imaplib. This oversight exposes eight functions that allow...

9.8CVSS6.2AI score0.00757EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/02/20 6:24 p.m.11 views

Fickling has a detection bypass via stdlib network-protocol constructors

Our assessment imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade. The UnusedVariables heuristic works as expected. Original report Summary Fickling's checksafety...

5.8AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.23 views

PT-2026-51383

Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...

8.1CVSS6.2AI score0.00301EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2019/11/05 10:28 p.m.9 views

numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...

9.8CVSS7.8AI score0.17078EPSS
Exploits2References4
Rows per page
Query Builder