Lucene search
+L

402 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15531 yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS0.00121EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43277

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 2:16 a.m.16 views

CVE-2025-71356

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.12 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS0.00445EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.10 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.7 views

CVE-2025-71369 picklescan - Unsafe Deserialization via torch.utils.data.datapipes.utils.decoder.basichandlers

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

7.6CVSS6.3AI score0.00445EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71369

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.20 views

CVE-2025-71369

CVE-2025-71369 affects the Python utility picklescan (versions prior to 0.0.28). The vulnerability arises when pickle files leverage torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, enabling bypass of safety checks and allowing remote code execution during deserialization...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.39 views

CVE-2025-71366 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.main.runcprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files...

8.1CVSS0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.5 views

CVE-2025-71356

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210415

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 1:23 a.m.21 views

CVE-2025-71356

CVE-2025-71356 affects picklescan prior to 0.0.28, which fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression calls embedded in pickle files. This enables arbitrary code execution when such pickle files are loaded by victims, as attackers can embed p...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.3 views

CVE-2025-71353 picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

7.6CVSS6.1AI score0.003EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.32 views

CVE-2025-71345 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 1:23 a.m.4 views

CVE-2025-71345 picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_autograd_prof

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

7.6CVSS6.2AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55676

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious function calls to torch.utils.bottleneck. main .run cprofile within pickle files. This flaw allows remote attackers to bypass safety checks by embedding...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 4:36 p.m.8 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00493EPSS
Exploits1References5
CVE
CVE
added 2026/06/30 10:8 p.m.25 views

CVE-2025-71350

CVE-2025-71350 concerns the Python package picklescan, with version pre-0.0.28 vulnerable. The issue arises because picklescan fails to detect malicious pickle payloads that leverage torch.utils.collect_env.run within reduce methods, enabling attackers to embed code in pickle files that may execu...

8.1CVSS5.9AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2025-71350 picklescan - Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

7.6CVSS6.1AI score0.00395EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54006

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious pickle files that utilize the torch.utils.collect env.run function within reduce methods. This allows attackers to embed hidden code in pickle files, which...

8.1CVSS6.2AI score0.00395EPSS
Exploits0References5
Rows per page
Query Builder