61 matches found
PT-2026-6414
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2025-70560
Boltz 2.0.0 is affected by an insecure deserialization vulnerability in the molecule loading code path. The software uses Python pickle to deserialize molecule data files without validation, allowing an attacker who can place a crafted pickle in a directory processed by Boltz to achieve arbitrary...
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path or runpy.run_module is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user...
CVE-2026-22606
CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getlincoef function. An attacker can execute arbitrary code by crafting a malicious pickle file that...
GHSA-CFFC-MXRF-MHH4 Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
Summary Picklescan uses numpy.f2py.crackfortran.param_eval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.param_eval function via the __reduce__ method....
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre...
EUVD-2013-0012
Malware in sbrugna...
CVE-2025-58757 MONAI's unsafe use of Pickle deserialization may lead to RCE
MONAI Medical Open Network for AI is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...
GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run
Summary Using the cProfile.run function, which is a built-in Python library function, to execute a remote pickle file. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling the cProfile.run function in the __reduce__ method. Then, when the victim, after checkin...
Remote Code Execution (RCE)
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using torch.utils.data.datapipes.utils.decoder.basichandlers function. An attacker can execute arbitrary code ...
Remote Code Execution (RCE)
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using the torch.dynamo.guards.GuardBuilder.get function. An attacker can execute arbitrary code by crafting a...
Exploit for Insufficiently Protected Credentials in Rpc.Py_Project Rpc.Py
rpc.py RCE Exploit CVE-2022-35411 This is an updated and im...
Arbitrary Code Execution
InspireMusic is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure deserialization caused by unsafe use of Python's pickle module in the load_state_dict function, which can allow attackers to execute arbitrary code when loading untrusted data...
PT-2025-15902 · Pypi · Picklescan
Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by importing some built-in function in the NumPy library that indirectly calls some dangerou...
Remote Code Execution (RCE)
Kedro is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the ShelveStore class using Python's shelve module, which relies on pickle for serialization, allowing attackers to craft malicious payloads that execute arbitrary Python code upon...
Remote Code Execution (RCE)
DGL is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization caused by the use of Python's pickle module for serializing and deserializing network messages, which can allow attackers to execute arbitrary code remotely...
PT-2026-7636
Name of the Vulnerable Software and Affected Versions DiskCache python-diskcache versions through 5.6.3 Description DiskCache python-diskcache utilizes Python pickle for serialization by default. An attacker who has write access to the cache directory can execute arbitrary code when a victim...