14 matches found
EUVD-2025-210413
picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...
CVE-2026-47161
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined...
PT-2026-44080
Name of the Vulnerable Software and Affected Versions RELATE versions prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb Description RELATE LMS configures its Celery workers to accept and deserialize untrusted pickle data. Pickle is a Python module used for serializing and deserializing...
SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...
Deserialization of Untrusted Data
Overview ktransformers is a KTransformers: CPU-GPU heterogeneous inference framework for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the balanceserve process. An attacker can execute arbitrary code by sending a crafted pickle payload to the expos...
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
DeepDiff 资源管理错误漏洞
DeepDiff is a Python library developed by Sep Dehpour. Versions of DeepDiff from 5.0.0 to 8.6.2 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on constructor parameters by the RestrictedUnpickler, which could lead to excessive memory consumption...
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...
EUVD-2025-35596
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization...
Remote Code Execution (RCE)
cProfile is vulnerable to Remote Code Execution RCE.The vulnerability is due to unsafe deserialization/execution because cProfile.runctx can be abused to execute code from untrusted pickle files passed into its execution context...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...
PYSEC-2025-222
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...
GHSA-9FQ2-X9R6-WFMF Numpy Deserialization of Untrusted Data
DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...