
708 matches found

Snyk
added 2026/03/07 6:45 p.m.

Relative Path Traversal

Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Relative Path Traversal via the edit_package function when processing the pack_folder parameter. An attacker can overwrite arbitrary files on the system by...

CVSS 7.1, AI score 6, EPSS 0.00022
Exploits: 1, References: 2
PyPA
added 2026/03/07 4:15 p.m.

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1, AI score 5.7, EPSS 0.00022
Exploits: 1, References: 1, Affected software: 1
NVD
added 2026/03/07 4:15 p.m.

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1, EPSS 0.00022
Exploits: 1, References: 1
CVE
added 2026/03/07 3:28 p.m.

CVE-2026-29778

pyLoad: Arbitrary File Write via Path Traversal in edit_package() is confirmed. Affected range: 0.5.0b3.dev13–0.5.0b3.dev96; fixed in 0.5.0b3.dev97. The issue stems from insufficient sanitization of pack_folder, which relies on a single-pass "../" replacement that can be bypassed by crafted re...

CVSS 7.1, AI score 5.7, EPSS 0.00022
Exploits: 1, References: 1, Affected software: 1
ATTACKERKB
added 2026/03/07 3:28 p.m.

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1, AI score 5.7, EPSS 0.00022
Exploits: 1, References: 2, Affected software: 1
CNNVD
added 2026/03/07 12:00 a.m.

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.5.0b3.dev13 to 0.5.0b3.dev96 contain security vulnerabilities. These vulnerabilities stem from insufficient sanitization of the pack_folder parameter in the edit_package function, which may lead to path traversal...

CVSS 7.1, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 1
OSV
added 2026/03/05 12:32 a.m.

GHSA-6PX9-J4QR-XFJW pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation: An authenticated user with MODIFY permission can...

CVSS 7.1, AI score 5.9, EPSS 0.00022
Exploits: 1, References: 3
Github Security Blog
added 2026/03/05 12:32 a.m.

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation: An authenticated user with MODIFY permission can...

CVSS 7.1, AI score 5.9, EPSS 0.00022
Exploits: 1, References: 3, Affected software: 1
EUVD
added 2025/11/25 12:16 a.m.

EUVD-2025-199494

Malicious code in @livecms/live-edit npm...

AI score 6.6
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in resolvers-semantic-ui-cosmochemistry-andromeda (npm)

Source: amazon-inspector (324a909713f74f248bbd7d80715356b6ebd5ed9821a32c6b11221859883f0d33). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in astrochemistry-ionosphere-gravitationalwave-joviology (npm)

Source: amazon-inspector (2119ba76eecde671765855d9947d057698ac00abf631f90c033888f31387b6bc). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in nova-chakra-ui-css-loader-eris (npm)

Source: amazon-inspector (d33fba34563f447f01ce0f666ca1461181b88fe72fddd18a86916eea8ecf8b6f). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in apex-aurora-xml-fomalhaut (npm)

Source: amazon-inspector (dd7d0a68560ea990b728310621a54435d29f21a74d08f8126b4956b41fc0234e). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSV
added 2025/11/13 3:23 a.m.

MAL-2025-189132 Malicious code in registry-ursa-prettier-plugin-markdown-framework (npm)

Source: amazon-inspector (bce70a60b982911ae8463ded8b5a8cfc5578f573075e24291265f231dd7d8f9a). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m.

MAL-2025-189397 Malicious code in secure-old-deploy-resolve-encode (npm)

Source: amazon-inspector (edd40e8463e8ef60e60e2f721f62d52e42e5b10ad7481073017d47ad4d0616fa). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in development-outercore-neptune-singularitarianism (npm)

Source: amazon-inspector (d3a9ad1dcbf47720dfdd87f637ee8939890ae4c1b9d6ad6d72da161239249d37). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
OSV
added 2025/11/13 3:23 a.m.

MAL-2025-186448 Malicious code in cypress-geckodriver-vulcan-metalsmith (npm)

Source: amazon-inspector (5a8e7b3c4e75f8542f11b8a92dfb8c43d2878628b0adecc1a5af688a49451c60). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m.

MAL-2025-186106 Malicious code in chalk-supercluster-repository-morgan (npm)

Source: amazon-inspector (8308f3d7c65ad1b1cf899c50d43219245550c86abbd2cfe3f0fdc45785ecb881). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSV
added 2025/11/13 3:23 a.m.

MAL-2025-190484 Malicious code in zooarchaeology-configstore-google-darkenergy (npm)

Source: amazon-inspector (685650e6cfa174e861e100212f50881c079171023d9a1a82afaabbba16bc6127). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.

Malicious code in aquarius-babel-nconf-build (npm)

Source: amazon-inspector (367d06fdbae8de2b7d6bcc68f6b13999fc7160d92484baa01898cb3fd84acfab). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0