Lucene search
K

24 matches found

EUVD
EUVD
added 5 days ago5 views

EUVD-2025-210387

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS6.1AI score0.00637EPSS
Exploits0References3
NVD
NVD
added 6 days ago4 views

CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago24 views

CVE-2025-71352 picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and...

8.1CVSS0.00637EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2025-71352

The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...

8.1CVSS6.1AI score0.00637EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-54007

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in Python trace.Trace.runctx function when it is used within pickle file reduce methods. This allows remote attackers to craft malicious pickle files...

8.1CVSS6.2AI score0.00637EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2025-71341

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.6 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.13 views

CVE-2025-71341

CVE-2025-71341 : The affected component is picklescan (versions before 0.0.29). The root cause is that the analyzer fails to detect the profile.Profile.runctx function when inspecting pickle files, specifically in the reduce method. This enables remote attackers to craft pickle payloads that embe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.31 views

CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.12 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS0.00338EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.7 views

CVE-2025-71378

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/21 1:26 p.m.5 views

EUVD-2025-210294

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.4AI score0.00338EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29482

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29453

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29468

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
Veracode
Veracode
added 2025/09/25 10:5 a.m.5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization/execution because trace.Trace.runctx can be used to execute code from untrusted pickle or otherwise crafted inputs in the interpreter context, allowing arbitrary code execution...

8.2AI score
Exploits0
Veracode
Veracode
added 2025/09/24 5:33 a.m.6 views

Remote Code Execution (RCE)

cProfile is vulnerable to Remote Code Execution RCE.The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...

8AI score
Exploits0
Veracode
Veracode
added 2025/09/23 7:46 a.m.7 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization because profile.Profile.runctx can be abused to execute malicious pickle files...

7.8AI score
Exploits0
OSV
OSV
added 2025/08/26 9:38 p.m.5 views

GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00338EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:38 p.m.5 views

Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder