Lucene search
K

32 matches found

NVD
NVD
added 2026/07/04 2:16 a.m.12 views

CVE-2025-71360

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71342

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS0.00427EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.6 views

CVE-2025-71364

picklescan before 0.0.30 fails to detect the asyncio.unixevents.UnixSubprocessTransport.start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.9 views

EUVD-2025-210414

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.26 views

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2025-210307

picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...

8.1CVSS6.2AI score0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2025-71357

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6AI score0.00276EPSS
Exploits1References3
OSV
OSV
added 2026/06/21 1:26 p.m.3 views

CVE-2025-71351 picklescan - Remote Code Execution via timeit.timeit() Detection Bypass

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS6.5AI score0.00418EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:35 p.m.6 views

GHSA-4MPJ-78P6-RJ59 Duplicate Advisory: PickleScan's profile.run blocklist mismatch allows exec() bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7wx9-6375-f5wh. This link is maintained to preserve external references. Original Description picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:16 p.m.10 views

CVE-2025-71320

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...

9.8CVSS0.00623EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 5:16 p.m.11 views

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

9.8CVSS5.2AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 3:4 p.m.2 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.7CVSS6.6AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 3:4 p.m.22 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:4 p.m.18 views

CVE-2025-71322

CVE-2025-71322 affects PickleScan prior to 0.0.33, where the unsafe-globals check omits pty.spawn. Attackers can craft pickle payloads using pty.spawn to bypass checks and achieve arbitrary code execution during file processing. The connected records confirm the root cause (missing pty.spawn in u...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.21 views

EUVD-2025-210268

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS6AI score0.00624EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 8:3 p.m.5 views

GHSA-7WX9-6375-F5WH PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...

9.8CVSS6.6AI score0.0046EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/08 5:25 p.m.4 views

EUVD-2026-1561

picklescan has Arbitrary file read using io.FileIO...

6.4AI score
Exploits0References5
OSV
OSV
added 2025/12/29 3:26 p.m.1 views

GHSA-HGRH-QX5J-JFWX Picklescan Bypasses Unsafe Globals Check using pty.spawn

Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library more specifically, of the pty.spawn function from PickleScan's list of unsafe globals. This vulnerabili...

8.8CVSS8.2AI score0.00384EPSS
Exploits0References7
Rows per page
Query Builder