
518 matches found

Snyk
added 2025/08/04 3:57 p.m. · 1 view

Directory Traversal

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the addcrypted endpoint when processing the package parameter. An attacker can achieve arbitrary file write and execute malicious co...

CVSS 9.8 · AI score 7.8 · EPSS 0.02893
Exploits 1 · References 2
Positive Technologies
added 2025/08/04 12:0 a.m. · 4 views

PT-2025-31885 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.5.0b3.dev89 and below. Description: pyLoad is a free and open-source Download Manager written in pure Python. A path traversal vulnerability exists in the pyLoad-ng CNL Blueprint via the package parameter, allowing arbitrary...

CVSS 9.8 · AI score 8.4 · EPSS 0.02893
Exploits 1 · References 12
Snyk
added 2025/08/01 6:32 a.m. · 1 view

Arbitrary Code Injection

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Arbitrary Code Injection in the CAPTCHA processing code, via the onCaptchaResult function. An attacker could execute arbitrary code in the client browser an...

CVSS 9.8 · AI score 8.1 · EPSS 0.0107
Exploits 0 · References 2
OSV
added 2025/07/30 1:18 p.m. · 2 views

GHSA-3WWM-HJV7-23R3 Pyload log Injection via API /json/add_package in add_name parameter

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API...

CVSS 4.3 · AI score 7.3
Exploits 0 · References 3
Snyk
added 2025/07/30 1:18 p.m. · 2 views

Arbitrary Code Injection

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the add_name parameter in the /json/add_package API endpoint. An attacker can inject arbitrary log entries b...

CVSS 5.3 · AI score 7.3
Exploits 0 · References 2
Github Security Blog
added 2025/07/30 1:18 p.m. · 7 views

Pyload log Injection via API /json/add_package in add_name parameter

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/07/30 12:0 a.m. · 1 view

PT-2025-32447 · Pypi · Pyload-Ng

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API /json/ad...

CVSS 4.3 · AI score 7.4
Exploits 0 · References 4
RedhatCVE
added 2025/07/24 10:30 p.m. · 6 views

CVE-2025-54140

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · AI score 7.9 · EPSS 0.01564
Exploits 0 · References 1
Snyk
added 2025/07/22 10:43 p.m. · 3 views

Directory Traversal

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the json/upload endpoint when the filename parameter is manipulated. An attacker can write arbitrary files to any location accessibl...

CVSS 8.7 · AI score 7.7 · EPSS 0.01564
Exploits 0 · References 2
NVD
added 2025/07/22 10:15 p.m. · 4 views

CVE-2025-54140

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · EPSS 0.01564
Exploits 0 · References 3
OSV
added 2025/07/22 9:34 p.m. · 5 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · AI score 7.1 · EPSS 0.01564
Exploits 0 · References 5
CVE
added 2025/07/22 9:34 p.m. · 16 views

CVE-2025-54140

Summary: pyLoad (v0.5.0b3.dev89 affected) exposes an authenticated path traversal via the /json/upload endpoint where the uploaded file’s name is not sanitized, enabling arbitrary file writes outside the intended directory. This can lead to Remote Code Execution, local privilege escalation, and s...

CVSS 7.5 · AI score 7.8 · EPSS 0.01564
Exploits 0 · References 3
Cvelist
added 2025/07/22 9:34 p.m. · 7 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · EPSS 0.01564
Exploits 0 · References 3
Vulnrichment
added 2025/07/22 9:34 p.m. · 2 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · AI score 7 · EPSS 0.01564
Exploits 0 · References 3
CNNVD
added 2025/07/22 12:0 a.m. · 2 views

pyLoad Path Traversal Vulnerability

pyLoad is a free, open-source download manager written in Python. A path traversal vulnerability exists in pyLoad version 0.5.0b3.dev89, which stems from a path traversal in the /json/upload endpoint that could lead to arbitrary file writes...

CVSS 7.5 · AI score 6.6 · EPSS 0.01564
Exploits 0 · References 5
Github Security Blog
added 2025/07/21 9:16 p.m. · 6 views

`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write

Summary: An authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...

CVSS 7.5 · AI score 7.8 · EPSS 0.01564
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2025/07/21 12:0 a.m. · 2 views

PT-2025-30362 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90. Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...

CVSS 7.5 · AI score 7.1 · EPSS 0.01564
Exploits 0 · References 11
Veracode
added 2025/07/18 5:46 a.m. · 3 views

Arbitrary Code Injection

pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...

CVSS 9.8 · AI score 7.3 · EPSS 0.0107
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2025/07/17 12:50 a.m. · 5 views

CVE-2025-53890

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · AI score 9.1 · EPSS 0.0107
Exploits 0 · References 1
OSV
added 2025/07/15 3:38 p.m. · 3 views

GHSA-8W3F-4R8F-PF53 pyLoad vulnerable to XSS through insecure CAPTCHA

Summary: An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in sessi...

CVSS 9.8 · AI score 7.5 · EPSS 0.0107
Exploits 0 · References 5