6 matches found
CVE-2026-41372
Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.
CVE-2026-33511
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...
CVE-2026-33511
CVE-2026-33511 concerns pyload-ng/pyLoad where the local_check decorator in the ClickNLoad feature can be bypassed via HTTP Host header spoofing, enabling unauthenticated remote access to localhost‑restricted endpoints and allowing injection of arbitrary downloads, file writes to the storage dire...
PT-2026-27492
pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...