Lucene search
K

5 matches found

CVE
CVE
added 2026/07/04 1:23 a.m.15 views

CVE-2025-71366

CVE-2025-71366 affects picklescan versions before 0.0.28. The flaw is a failure to detect malicious torch.utils.bottleneck.main .run_cprofile calls inside pickle files, allowing remote attackers to embed undetected code that executes when a victim loads the pickle. The available documents do not ...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 1:23 a.m.10 views

EUVD-2025-210420

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

7.6CVSS6.6AI score0.00445EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/15 7:20 a.m.5 views

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runcprofile function to execute remote pickle files, which allows an attacker to run arbitrary code...

7.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/22 4:56 p.m.7 views

Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...

7.9AI score
Exploits0References5Affected Software1
Rows per page
Query Builder