Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2025-71363

picklescan – Arbitrary Code Execution via Undetected cProfile.run in Pickle Deserialization_CVE-2025-71363

picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71355

Picklescan – Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass_CVE-2025-71355

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arb...

Picklescan Picklescan CVE
HIGH 7.6 CVE-2025-71352

picklescan – Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files_CVE-2025-71352

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attacker...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71350

picklescan – Undetected Remote Code Execution via torch.utils.collect_env.run_CVE-2025-71350

picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed u...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71349

picklescan – Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files_CVE-2025-71349

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected ...

picklescan picklescan CVE
HIGH 7.5 CVE-2026-13772

IBM WebSphere eXtreme Scale’s OQL is affected by remote code execution_CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName() and ...

IBM WebSphere Extreme Scale 8.6.1.0 CVE
HIGH 7.5 CVE-2026-13759

IBM WebSphere eXtreme Scale is affected by Insecure Deserialization_CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputSt...

IBM WebSphere Extreme Scale 8.6.1.0 CVE
HIGH 7.6 CVE-2026-13449

XXE attack in IBM Business Automation Manager Open Editions_CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XM...

IBM Business Automation Manager Open Editions 9.0.0 CVE
HIGH 7.2 CVE-2026-11806

IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability_CVE-2026-11806

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0...

IBM WebSphere Application Server - Liberty 17.0.0.3 CVE
HIGH 8.5 CVE-2026-11714

IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability_CVE-2026-11714

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscove...

IBM WebSphere Application Server - Liberty 17.0.0.3 CVE