518 matches found
EUVD-2023-0587
Malicious code in bioql PyPI...
EUVD-2024-0154
Malicious code in bioql PyPI...
EUVD-2025-24185
Malicious code in bioql PyPI...
EUVD-2025-25486
Malicious code in bioql PyPI...
pyLoad < 0.5.0b3.dev76 Improper Access Control
pyLoad version prior to 0.5.0b3.dev76 is affected by an Improper Access Control vulnerability. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. An attacker can leverage this vulnerability to perform further attacks against the...
pyLoad Default Credentials
pyLoad is an open-source download manager written in Python. By default, pyLoad is configured with a default username and password allowing any attacker to log in to the application and have full access to its functionality. An attacker can leverage this vulnerability to perform further attacks...
Exploit for CVE-2024-28397
🚨 Remote Code Execution – CVE-2024-28397 pyload-ng / js2py...
CVE-2025-57751
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...
GHSA-9GJJ-6GJ7-C4WJ Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...
CVE-2025-57751
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
Allocation of Resources Without Limits or Throttling
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the jk parameter in the CNL Blueprint process. An attacker can cause the server CPU to become fully...
CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
CVE-2025-57751
The CVE-2025-57751 issue affects pyLoad, specifically the CNL Blueprint. The vulnerability arises from missing validation of the jk parameter, which is processed as JavaScript via evaljs (depending on Python version, via js2py or dukpy). An attacker-supplied jk can cause the server to execute arb...
CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
Remote Code Execution (RCE)
pyloadng is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...
PT-2025-34274 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev92 Description: The jk parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied jk parameter to be directly passed to dykpy.evaljs, leading to full server CPU utilization...
pyLoad 资源管理错误漏洞
pyLoad is a free open source download manager written in Python by pyLoad Open Source. A resource management error vulnerability exists in pyLoad that stems from insufficient validation of the jk parameter, which could lead to excessive server CPU usage...
CVE-2025-55156
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...