All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2025-71360
HIGHpublished 2026-07-04 02:16 UTC · 13 hours ago
7.6
CVSS / 10
// description
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
// weaknesses (CWE)
- CWE-502