Lucene search
K

6 matches found

CVE
CVE
added yesterday3 views

CVE-2025-71355

CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...

7.6CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2026/05/27 6:46 a.m.12 views

EUVD-2026-32105

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

7.2CVSS6.7AI score0.00581EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 6:46 a.m.7 views

CVE-2026-6169

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

7.2CVSS6.7AI score0.00581EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 6:46 a.m.31 views

CVE-2026-6169 affiliate-toolkit <= 3.8.5 - Authenticated (Editor+) Remote Code Execution

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

7.2CVSS0.00581EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43569

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

7.2CVSS6.7AI score0.00581EPSS
Exploits0References6
Snyk
Snyk
added 2025/04/07 6:54 p.m.5 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing.private.utils or other modules that can be leveraged for...

8.8CVSS7.4AI score
Exploits0References2
Rows per page
Query Builder