Lucene search
K

6 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2025-210413

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.parameval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary cod...

8.1CVSS6.6AI score0.00445EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.13 views

SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads on incoming messages, enabling RCE when exposed to the internet...

9.8CVSS5.8AI score0.00399EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/09/16 5:53 a.m.6 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...

8.3AI score
Exploits0
OSV
OSV
added 2025/03/20 10:15 a.m.9 views

PYSEC-2025-222

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

9.8CVSS6.4AI score0.01274EPSS
Exploits1References2
Veracode
Veracode
added 2024/09/16 8:25 a.m.7 views

Deserialization Of Untrusted Data

MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper deserialization of untrusted pickle data in the finetune method within byomhandler.py, which allows the execution of arbitrary code on the server during the 'finetune' process...

7.5CVSS7.3AI score0.00481EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 10:0 p.m.1 views

GHSA-9FQ2-X9R6-WFMF Numpy Deserialization of Untrusted Data

DISPUTED An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

9.8CVSS7.5AI score0.17078EPSS
Exploits2References18
Rows per page
Query Builder