VYPR
Vendor: Trailofbits

Products: 3
CVEs: 11
Across products: 11
Status: Private

Recent CVEs (11)
  • CVE-2025-52556 | Severity: Critical | Published: Jun 21, 2025
    risk 0.53 | cvss (not listed) | epss 0.00

    rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded…

  • CVE-2026-33753 | Severity: Medium | Published: Apr 8, 2026
    risk 0.33 | cvss 6.2 | epss 0.00

    rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority (TSA). By…

  • CVE-2026-22612 | Published: Jan 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

  • CVE-2026-22609 | Published: Jan 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.01

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules…

  • CVE-2026-22608 | Published: Jan 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while…

  • CVE-2026-22607 | Published: Jan 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a…

  • CVE-2026-22606 | Published: Jan 10, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of…

  • CVE-2025-67748 | Published: Dec 16, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in…

  • CVE-2025-67747 | Published: Dec 16, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing `marshal` and `types` from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle…

  • CVE-2023-39969 | Published: Aug 9, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker…

  • CVE-2023-40012 | Published: Aug 9, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a…