Lucene search
+L

60 matches found

snyk
snyk
added 2026/07/04 3:14 p.m.7 views

Incomplete List of Disallowed Inputs

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the checksafety function. An attacker can execute arbitrary code by crafting pickle payloads that import unlisted standard...

8.8CVSS6.4AI score0.00342EPSS
Exploits1References2
nvd
nvd
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71353

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS0.003EPSS
Exploits0References2
nvd
nvd
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71347

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS0.00445EPSS
Exploits0References2
osv
osv
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71353 picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/04 1:23 a.m.32 views

CVE-2025-71345 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
euvd
euvd
added 2026/07/04 1:23 a.m.10 views

EUVD-2025-210411

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.makelabel function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
euvd
euvd
added 2026/07/04 1:23 a.m.11 views

EUVD-2025-210410

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:8 p.m.12 views

CVE-2025-71371

CVE-2025-71371 affects picklescan

8.1CVSS6.1AI score0.00499EPSS
Exploits0References2
osv
osv
added 2026/06/30 10:8 p.m.3 views

CVE-2025-71350 picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

7.6CVSS6.1AI score0.00395EPSS
Exploits0References4
nvd
nvd
added 2026/06/25 10:16 p.m.14 views

CVE-2025-71340

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
osv
osv
added 2026/06/25 9:41 p.m.4 views

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
cve
cve
added 2026/06/24 11:53 a.m.11 views

CVE-2025-71354

Summary: CVE-2025-71354 affects the Python package picklescan (prior to 0.0.29) via the idlelib.debugobj.ObjectTreeItem.SetText reduce path, allowing crafted pickle payloads to bypass detection and cause arbitrary code execution when pickle.load() is used. Affected software: picklescan (versions ...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 11:53 a.m.6 views

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References3
nvd
nvd
added 2026/06/23 1:16 p.m.11 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
nvd
nvd
added 2026/06/22 10:16 p.m.10 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
cve
cve
added 2026/06/21 1:26 p.m.22 views

CVE-2025-71357

CVE-2025-71357 affects the Python package picklescan older than 0.0.30. The vulnerability arises from using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods, allowing attackers to embed code in pickle files that can execute remote commands when loaded by a victim. The connected so...

8.1CVSS6AI score0.00276EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/17 3:5 p.m.19 views

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS0.0046EPSS
Exploits0References2
osv
osv
added 2026/06/17 3:5 p.m.2 views

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.3CVSS6.7AI score0.0046EPSS
Exploits0References4
snyk
snyk
added 2026/03/03 8:5 p.m.6 views

Incomplete List of Disallowed Inputs

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the unsafeglobals function. An attacker can execute arbitrary commands on the target system by crafting...

10CVSS6AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/03 12:0 a.m.17 views

PT-2026-50467

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description An incomplete blocklist for the profile module fails to block the module-level profile.run function. This allows attackers to achieve arbitrary code execution via exec by crafting malicious pickle...

9.8CVSS6.4AI score0.0046EPSS
Exploits0References10
Rows per page
Query Builder