
7 matches found

NVD
added yesterday · 7 views

CVE-2025-71325

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

CVSS 9.8
Exploits: 0 · References: 3

CVE
added yesterday · 5 views

CVE-2025-71325

CVE-2025-71325 affects picklescan prior to 0.0.27, where a parsing logic flaw in _list_globals with STACK_GLOBAL opcodes fails to track arguments in the correct range. This enables malicious pickle files to bypass detection by crafting arguments at position zero, potentially triggering unexpected...

CVSS 9.8 · AI score 5.3
Exploits: 0 · References: 3

Cvelist
added yesterday · 4 views

CVE-2025-71325 picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

CVSS 9.8
Exploits: 0 · References: 3

EUVD
added yesterday · 4 views

EUVD-2025-210271

picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...

CVSS 9.8 · AI score 5.2
Exploits: 0 · References: 3

Snyk
added 2025/08/12 12:13 a.m. · 2 views

Deserialization of Untrusted Data

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the STACK_GLOBAL opcode parsing process. An attacker can bypass detection mechanisms by crafting a malicio...

CVSS 9.6 · AI score 7
Exploits: 0 · References: 2

OSV
added 2025/08/12 12:13 a.m. · 2 views

GHSA-9GVJ-PP9X-GCFR Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Details: There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACK_GLOBAL. Function _list_globals when handling STACK_GLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only considers the range from 1 to n-1 but forgets to...

CVSS 9.3 · AI score 7
Exploits: 0 · References: 6

Positive Technologies
added 2025/08/12 12:0 a.m. · 1 views

PT-2025-34324 · Pypi · Picklescan

Details: There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACK_GLOBAL. Function _list_globals when handling STACK_GLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only considers the range from 1 to n-1 but forgets to...

CVSS 9.3 · AI score 7.1
Exploits: 0 · References: 7