Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2025-210385

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1CVSS6.4AI score0.00562EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2025-71349

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1CVSS0.00562EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2025-71349 picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1CVSS0.00562EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.5 views

CVE-2025-71349 picklescan - Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

7.6CVSS6.6AI score0.00562EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 10:8 p.m.18 views

CVE-2025-71349

The affected software is picklescan with versions before 0.0.29. The vulnerability arises because the tool fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing an attacker to embed malicious code. Remote attackers can craft pickle files that use trace.Trace....

8.1CVSS6.4AI score0.00562EPSS
Exploits0References2
Veracode
Veracode
added 2025/09/23 8:19 a.m.5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to trace.Trace.run executing code from untrusted pickle files, which can execute arbitrary code when a malicious pickle is loaded...

8.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/26 6:35 p.m.4 views

Picklescan has a missing detection when calling built-in python trace.Trace.run

Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.run function in reduce method Then when the victim after checking...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 6:35 p.m.3 views

GHSA-5QWP-399C-MJWF Picklescan has a missing detection when calling built-in python trace.Trace.run

Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.run function in reduce method Then when the victim after checking...

8.1CVSS7.9AI score0.00562EPSS
Exploits0References3
Rows per page
Query Builder