Lucene search
K

6 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2025-210388

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.21 views

CVE-2025-71355 Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS0.00552EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 12:42 a.m.3 views

CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

6.9CVSS6.3AI score0.00185EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/10 1:35 a.m.4 views

EUVD-2026-1685

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...

9.3CVSS7.6AI score0.00554EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-5523

Malicious code in bioql PyPI...

9.8CVSS8.8AI score0.01592EPSS
Exploits4References10
Github Security Blog
Github Security Blog
added 2025/03/03 9:30 p.m.21 views

Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-769v-p64c-89pr. This link is maintained to preserve external references. Original Description picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An...

9.8CVSS7AI score0.00365EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder