
9 matches found

Source: NVD (added 2026/06/22 10:16 p.m.)

CVE-2025-71344

picklescan before 0.0.30 affected versions 0.0.26 and earlier fails to detect the ensurepip.runpip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip.runpip calls in reduce methods bypass picklescan detection and...

CVSS 8.1 | EPSS 0.00367 | Exploits: 0 | References: 2
Source: NVD (added 2026/06/17 5:17 p.m.)

CVE-2026-53872

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

CVSS 8.7 | EPSS 0.00509 | Exploits: 0 | References: 2
Source: EUVD (added 2026/06/17 3:05 p.m.)

EUVD-2026-37741

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

CVSS 7.1 | AI score 6 | EPSS 0.00434 | Exploits: 0 | References: 4
Source: EUVD (added 2026/06/17 3:05 p.m.)

EUVD-2025-210270

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

CVSS 9.8 | AI score 6.5 | EPSS 0.00757 | Exploits: 0 | References: 2
Source: Snyk (added 2025/12/29 10:44 p.m.)

Deserialization of Untrusted Data

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran.parameval function. An attacker can execute arbitrary code by crafting ...

CVSS 8.4 | AI score 7.7 | Exploits: 0 | References: 3
Source: OSV (added 2025/09/17 10:15 a.m.)

CVE-2025-10155

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

CVSS 7.8 | AI score 6.9 | Exploits: 0 | References: 2
Source: Snyk (added 2025/09/10 5:15 p.m.)

Protection Mechanism Failure

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Protection Mechanism Failure via the unsafeglobals check. An attacker can bypass detection of malicious content by crafting malicious pickle...

CVSS 8.6 | AI score 6.9 | Exploits: 0 | References: 2
Source: Positive Technologies (added 2025/08/26 12:00 a.m.)

PT-2026-51384

Name of the Vulnerable Software and Affected Versions: picklescan versions 0.0.26 and earlier. Description: The software fails to detect the ensurepip.runpip built-in function when scanning pickle files. Attackers can craft malicious pickle files by embedding calls to ensurepip.runpip within...

CVSS 8.1 | AI score 6 | EPSS 0.00367 | Exploits: 0 | References: 8
Source: Github Security Blog (added 2025/03/03 7:59 p.m.)

PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions

CVE-2025-1889. Summary: Picklescan fails to detect hidden pickle files embedded in PyTorch model archives due to its reliance on file extensions for detection. This allows an attacker to embed a secondary, malicious pickle file with a non-standard extension inside a model archive, which remains...

CVSS 9.8 | AI score 7.8 | EPSS 0.00365 | Exploits: 2 | References: 5 | Affected Software: 1