Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Cvelist
Cvelistadded 2026/05/28 5:12 p.m.27 views

CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS0.00199EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 5:12 p.m.8 views

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS5.8AI score0.00199EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 5:12 p.m.7 views

CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS5.8AI score0.00199EPSS
Exploits0References1
CVE
CVEadded 2026/05/28 5:12 p.m.14 views

CVE-2026-45348

CVE-2026-45348 affects pyLoad before version 0.5.0b3.dev100, where an unsanitized link URL interpolated in a template literal within packages.js allows stored XSS in the Downloads view. Attack surface: authenticated operators can submit a package link that injects HTML/JS, which gets rendered via...

8.7CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.8 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the packages.js template, which interpolated the stored link URLs into the template literals within HTML tags with single...

8.7CVSS5.9AI score0.00199EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 8:23 p.m.3 views

GHSA-FCJQ-435V-JX94 pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal

Summary The packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $div.htmlhtml. No escaping runs between the API value and innerHTML. An...

8.7CVSS5.9AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder