PULSE
EN VIVO7señales / 24h
FEED
ransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a Famesa · PE · Agriculture and Food Productionransomkrybit reclama a euroins.bg · BG · Financial Servicesransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Found
← Todos los CVEs
CVE Watch6 jul 2026

CVE-2025-71359

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, al

CVSS

8.1

Alto

EPSS

0.4%

p35

KEV

Exploit Today

10

0-100

Publicado: 4 jul 2026 · Última mod.: 6 jul 2026 · CWE-502

EPSS · 30d
0.4%EPSS · 30 días0.4%
2026-07-042026-07-18
Descripción técnica

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-422379.8 CRÍ
99.9%
KEV80Sitecore XP Remote Command Execution Vulnerability10d
CVE-2026-456598.8 ALT
86.8%
KEV76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability17d
CVE-2026-586449.8 CRÍ
70.7%
KEV71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability2d
CVE-2026-125699.8 CRÍ
66.0%
KEV70PTC Windchill and FlexPLM Improper Input Validation Vulnerability19d
CVE-2026-505229.8 CRÍ
97.2%
29Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.4d
CVE-2025-560059.8 CRÍ
96.7%
29An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pickle` allows execution of embedded code via `__reduce__()`, an attacker can achieve code execution by passing a malicious pickle file. The parameter is not mentioned in official documentation or the GitHub repository, yet it is active in the PyPI version. This introduces a stealthy backdoor and persistence risk. NOTE: A third-party states that this vulnerability should be rejected because the proof of concept does not demonstrate arbitrary code execution and fails to complete successfully.5d