Lucene search
K

5 matches found

NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...

8.1CVSS0.00585EPSS
Exploits0References2
OSV
OSV
added 2025/08/26 9:40 p.m.3 views

GHSA-Q77W-MWJJ-7MQX Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

8.1CVSS7.9AI score0.00555EPSS
Exploits0References3
OSV
OSV
added 2025/08/26 9:35 p.m.1 views

GHSA-M869-42CG-3XWR Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode

Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.run.Executive.runcode function in reduce method...

8.1CVSS7.9AI score0.00427EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/26 6:38 p.m.7 views

Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

Summary Using idlelib.calltip.Calltip.fetchtip, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.Calltip.fetchtip function in reduce method The...

8.1CVSS7.9AI score0.00339EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/22 4:58 p.m.7 views

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

7.9AI score
Exploits0References5Affected Software1
Rows per page
Query Builder