CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/24 6:56 p.m.•2 views

EUVD-2026-15001

8.8CVSS6AI score0.00192EPSS

ATTACKERKB•added 2026/03/24 6:56 p.m.•12 views

CVE-2026-33511

8.8CVSS6AI score0.00192EPSS

ATTACKERKB•added 2026/03/24 6:55 p.m.•5 views

CVE-2026-33509

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...

7.5CVSS5.8AI score0.00113EPSS

Vulnrichment•added 2026/03/24 6:55 p.m.•1 views

CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

7.5CVSS5.8AI score0.00113EPSS

CVE•added 2026/03/24 6:55 p.m.•4 views

CVE-2026-33509

Summary of CVE-2026-33509 / GHSA-r7mc-x6x7-cqxx : The pyLoad project exposes a critical vulnerability where a user with non-admin SETTINGS permission can write arbitrary configuration values via set_config_value(), with only a narrow hard-coded exception for storage_folder. The reconnect.script s...

8.8CVSS5.8AI score0.00113EPSS

Exploits1References1Affected Software2

Cvelist•added 2026/03/24 6:52 p.m.•16 views

CVE-2026-33314 pyload-ng: Improper Authentication and Origin Validation Error

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS0.00011EPSS

ATTACKERKB•added 2026/03/24 6:52 p.m.•9 views

CVE-2026-33314

6.5CVSS5.9AI score0.00011EPSS

CNNVD•added 2026/03/24 12:0 a.m.•3 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.4.0 to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the setconfigvalue API endpoint, which allowed users with non-administrator SETTINGS privileges to modify any...

8.8CVSS6.2AI score0.00113EPSS

Positive Technologies•added 2026/03/24 12:0 a.m.•2 views

PT-2026-27492

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00192EPSS

Exploits1References3

CNNVD•added 2026/03/24 12:0 a.m.•3 views

pyLoad 访问控制错误漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained a security vulnerability related to access control. This vulnerability stemmed from the @localcheck decorator, which allowed for header spoofing by hosts, potentially allowing...

6.5CVSS5.8AI score0.00011EPSS

CNNVD•added 2026/03/24 12:0 a.m.•2 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. There were security vulnerabilities in versions of pyLoad from 0.4.20 to 0.5.0b3.dev97. These vulnerabilities stemmed from the localcheck decorator in the ClickNLoad function, which could be bypassed through HTTP header tricks,...

9.8CVSS5.8AI score0.00192EPSS

Snyk•added 2026/03/20 9:50 p.m.•3 views

Improper Privilege Management

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Privilege Management via the setconfigvalue function, which allows users with certain permissions to modify configuration options without adequate...

8.8CVSS6.4AI score0.00113EPSS

Exploits1References2

Snyk•added 2026/03/20 4:39 a.m.•1 views

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal during the password verification of encrypted 7z archives with non-encrypted headers. An attacker can delete arbitrary files outside the...

8.1CVSS6.5AI score0.00211EPSS

Exploits1References2

NVD•added 2026/03/20 2:16 a.m.•2 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives encrypted files with non-encrypted headers, causing arbitrary file deletion outside of the extraction...

8.1CVSS0.00211EPSS

EUVD•added 2026/03/20 1:45 a.m.•3 views

EUVD-2026-13435

Cvelist•added 2026/03/20 1:45 a.m.•20 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

8.1CVSS0.00211EPSS

ATTACKERKB•added 2026/03/20 1:45 a.m.•2 views

CVE-2026-32808

CVE•added 2026/03/20 1:45 a.m.•5 views

CVE-2026-32808

pyLoad (Python) versions prior to 0.5.0b3.dev97 are vulnerable to a path traversal flaw during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers). The code derives an archive entry name from the 7z listing and uses it as a filesystem path without c...

Exploits1References1Affected Software2

Vulnrichment•added 2026/03/20 1:45 a.m.•0 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification