Total CVEs

143,126

Critical Severity

4,045

High Severity

14,563

Last 7 Days

1,257
Quick preset (or use dates below)
Clear Filters
Showing 21 - 40 of 59 CVEs

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring within the reduce method to i...

Vendor: Picklescan
Product: Picklescan
Published: Jun 30, 2026
Source: NVD
CVE-2025-71352 HIGH - 8.1

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and exec...

Vendor: picklescan
Product: picklescan
Published: Jun 30, 2026
Source: NVD
CVE-2025-71350 HIGH - 8.1

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

Vendor: picklescan
Product: picklescan
Published: Jun 30, 2026
Source: NVD
CVE-2025-71349 HIGH - 8.1

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when pic...

Vendor: picklescan
Product: picklescan
Published: Jun 30, 2026
Source: NVD
CVE-2025-71340 HIGH - 8.1

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attack...

Vendor: picklescan
Product: picklescan
Published: Jun 25, 2026
Source: NVD
CVE-2025-71361 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via pickle.load().

Vendor: picklescan
Product: picklescan
Published: Jun 24, 2026
Source: NVD
CVE-2025-71354 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load() is called.

Vendor: picklescan
Product: picklescan
Published: Jun 24, 2026
Source: NVD
CVE-2026-56315 CRITICAL - 9.8

picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocke...

Vendor: picklescan
Product: picklescan
Published: Jun 23, 2026
Source: NVD
CVE-2025-71376 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.

Vendor: picklescan
Product: picklescan
Published: Jun 23, 2026
Source: NVD
CVE-2025-71370 HIGH - 8.1

picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().

Vendor: picklescan
Product: picklescan
Published: Jun 23, 2026
Source: NVD
CVE-2025-71365 HIGH - 8.1

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.

Vendor: picklescan
Product: picklescan
Published: Jun 23, 2026
Source: NVD
CVE-2025-71341 HIGH - 8.1

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when t...

Vendor: picklescan
Product: picklescan
Published: Jun 23, 2026
Source: NVD
CVE-2025-71358 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load().

Vendor: picklescan
Product: picklescan
Published: Jun 22, 2026
Source: NVD
CVE-2025-71344 HIGH - 8.1

picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip._run_pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip._run_pip calls in __reduce__ methods bypass picklescan detecti...

Vendor: picklescan
Product: picklescan
Published: Jun 22, 2026
Source: NVD
CVE-2025-71339 HIGH - 8.1

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._eval_length gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

Vendor: Picklescan
Product: Picklescan
Published: Jun 22, 2026
Source: NVD
CVE-2025-71378 HIGH - 8.1

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

Vendor: picklescan
Product: picklescan
Published: Jun 21, 2026
Source: NVD
CVE-2025-71357 HIGH - 8.1

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

Vendor: picklescan
Product: picklescan
Published: Jun 21, 2026
Source: NVD

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and exec...

Vendor: picklescan
Product: picklescan
Published: Jun 21, 2026
Source: NVD
CVE-2025-71348 HIGH - 8.1

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

Vendor: picklescan
Product: picklescan
Published: Jun 21, 2026
Source: NVD
CVE-2026-56304 MEDIUM - 6.5

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create loc...

Vendor: picklescan
Product: picklescan
Published: Jun 20, 2026
Source: NVD