Lucene search
K

13 matches found

CVE
CVE
added 3 days ago13 views

CVE-2025-71356

CVE-2025-71356 affects picklescan prior to 0.0.28, which fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression calls embedded in pickle files. This enables arbitrary code execution when such pickle files are loaded by victims, as attackers can embed p...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added last week20 views

CVE-2025-71371 picklescan - Remote Code Execution via code.InteractiveInterpreter Detection Bypass

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...

8.1CVSS0.00499EPSS
Exploits0References2
Cvelist
Cvelist
added last week21 views

CVE-2025-71363 picklescan - Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.36 views

CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS0.00757EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.30 views

CVE-2025-71348 picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

8.1CVSS0.00397EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 5:17 p.m.10 views

CVE-2026-53873

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS0.0046EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/30 3:24 p.m.124 views

Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Summary Picklescan uses operator.attrgetter, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the reduce method. - Then,...

7.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/29 8:3 p.m.10 views

Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

7.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/17 12:15 p.m.9 views

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...

7.8CVSS6.9AI score
Exploits0References3
NVD
NVD
added 2025/09/17 10:15 a.m.10 views

CVE-2025-10155

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...

9.3CVSS0.00816EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/10 7:51 p.m.4 views

Protection Mechanism Failure

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure via the scanbytes function. An attacker can bypass detection of malicious content by disguising a standard pickle...

9.3CVSS6.6AI score0.00816EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.9 views

Picklescan has a missing detection when calling built-in python profile.Profile.runctx

Summary Using profile.Profile.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.runctx function in reduce method Then when the victim...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder