EUVD-2026-38437

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn()

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...

PT-2025-51355

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, contained a bypass related to missing unsafe module imports. Specifically, the pty module was not included in the block list, leading to...

CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...

CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...