These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-71378 is a HIGH-severity vulnerability in picklescan, a tool designed to scan pickle files for potential security issues. The vulnerability, scored 7.6, allows attackers to execute arbitrary code by bypassing picklescan's detection of `cProfile.runctx` function calls in pickle file reduce methods. When loaded via `pickle.load()`, malicious pickle files can execute remote code. This issue affects pick [truncated]
CVE-2025-71357 is a high-severity vulnerability in picklescan before version 0.0.30. The issue allows attackers to embed undetected code in pickle files that executes remote commands when loaded by victims. The vulnerability has a CVSS score of 7.6 and is classified as HIGH. The CVE was published on June 21, 2026, and has not been modified since. The affected product and vendor are not clearly identified, [truncated]
CVE-2025-71348 is a high-severity vulnerability (CVSS Score: 7.6) affecting picklescan versions before 0.0.28. The issue allows attackers to craft malicious pickle files that can execute arbitrary code during the deserialization process, potentially leading to remote code execution (RCE) in supply chain attacks. The vulnerability is caused by picklescan's failure to detect malicious pickle files that invo [truncated]
CVE-2026-56304 is a medium-severity vulnerability in picklescan before 1.0.1. The issue allows unauthenticated attackers to create arbitrary zero-byte files via the `logging.FileHandler` class instantiation. This can be exploited by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption. [truncated]
CVE-2026-53875 is a HIGH-severity vulnerability in picklescan before 1.0.3. The `scan_pytorch` function contains a scanning bypass vulnerability that allows attackers to embed malicious magic numbers via dynamic eval using the `__reduce__` trick. This enables attackers to craft malicious PyTorch payloads that evade picklescan detection while remaining executable, potentially leading to arbitrary code executio [truncated]
CVE-2026-53873 is a critical vulnerability in the picklescan library before version 1.0.4. The issue lies in the incomplete blocklist for the profile module, which fails to block the module-level `profile.run()` function. This allows attackers to craft malicious pickle files that call `profile.run(statement)` to execute arbitrary Python code, while picklescan reports zero security issues. The vulnerability ha [truncated]
CVE-2026-53872 is a HIGH-severity vulnerability in picklescan, software that was vulnerable to unsafe pickle deserialization. This vulnerability, with a CVSS score of 8.7, allowed unauthenticated attackers to read arbitrary server files by chaining `io.FileIO` and `urllib.request.urlopen`. Attackers could bypass RCE-focused blocklists to exfiltrate sensitive data like `/etc/passwd` to external servers. The vu [truncated]
CVE-2026-3490 is a critical vulnerability in the picklescan library, which fails to block the `pkgutil.resolve_name` function. This oversight enables attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls, potentially leading to remote code execution. The vulnerability has a CVSS score of 10, indicating the highest severity. Remote attackers can exploit [truncated]
CVE-2025-71322 is a HIGH-severity vulnerability in PickleScan before 0.0.33. The vulnerability allows attackers to bypass security checks and achieve arbitrary code execution when files are processed by PickleScan. Malicious actors can craft pickle payloads using the `pty.spawn` function to exploit this vulnerability. The vulnerability has a CVSS score of 8.7 and was published on June 17, 2026. The vendor, [truncated]
CVE-2025-71321 is a critical vulnerability in picklescan before version 0.0.33. The vulnerability allows attackers to bypass the dangerous blocklist by using `distutils.file_util.write_file`, enabling them to construct malicious pickle objects and overwrite critical system files. This can lead to denial of service or remote code execution. The vulnerability has a CVSS score of 9.3 and is considered critical [truncated]