Lucene search
K

5 matches found

NVD
NVD
added 2026/06/17 5:17 p.m.13 views

CVE-2026-53875

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS0.00434EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 3:5 p.m.11 views

EUVD-2026-37741

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS6AI score0.00434EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.20 views

CVE-2026-53875 picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

7.1CVSS0.00434EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/18 5:45 p.m.13 views

Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/18 5:45 p.m.3 views

GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary This is a scanning bypass to scanpytorch function in picklescan. As we can see in the implementation of getmagicnumber that uses pickletools.genopsdata to get the magicnumber with the condition opcode.name includes INT or LONG, but the PyTorch's implemtation simply uses picklemodule.load ...

7.1CVSS5.6AI score0.00434EPSS
Exploits0References7
Rows per page
Query Builder