4 matches found
Insecure Deserialization
Fickling is vulnerable to Insecure Deserialization. The vulnerability is due to the marshal and types modules being missing from the unsafe import block list, which allows an attacker to craft a malicious pickle file that bypasses Fickling’s analysis and executes arbitrary code when deserialized by a...
CVE-2025-67748
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...
PT-2023-32430 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 Description: The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. Recommendations: For versions prior ...
WordPress Code Issue Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A remote code execution vulnerability exists in WordPress Business Directory Plugin versions prior t...