Lucene search
K

72 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-494 Excessive Attack Surface in pyload-ng

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

9.8CVSS5.8AI score0.0072EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-499 pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS6.8AI score0.16513EPSS
Exploits22References7
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-493 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution RCE The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8CVSS6.6AI score0.01191EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/11 4:32 p.m.6 views

CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 4:32 p.m.19 views

CVE-2026-42312

pyload-ng contains a vulnerability (CVE-2026-42312) where a non-admin user with SETTINGS permission can disable TLS peer/hostname verification by setting general.ssl_verify off. The root cause is that the option is not in the ADMIN_ONLY_CORE_OPTIONS allowlist, so set_config_value() writes are all...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:30 p.m.7 views

CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 4:30 p.m.35 views

CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS0.00396EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 4:30 p.m.12 views

CVE-2026-42313

Summary of CVE-2026-42313 / pyload-ng: A non-admin user with SETTINGS permission can enable a proxy and point pyload at any attacker-controlled host, causing all outbound traffic (downloads, captcha fetch, update checks, plugin HTTP calls) to be routed through that attacker. The vulnerability ste...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/05 9:18 p.m.8 views

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the setpackagedata function. An attacker can overwrite or create files in arbitrary directories by supplying crafted values to the...

8.1CVSS6.3AI score0.00395EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/04 10:8 p.m.9 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the setconfigvalue function. An attacker can intercept all outbound HTTP traffic, steal credentials, and inject...

8.7CVSS6AI score0.00396EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/16 1:20 a.m.4 views

Origin Validation Error

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Origin Validation Error via the setsessioncookiesecure function. An attacker can cause session cookies to be issued without the Secure flag or disrupt user...

6.3CVSS5.4AI score0.00171EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:4 a.m.3 views

Directory Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal in the safeextractall function. An attacker can write files outside the intended extraction directory by crafting a malicious tar archiv...

6.5CVSS6.3AI score0.00255EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:4 a.m.4 views

Incorrect Authorization

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization in the configuration for SSL certificate and key file paths due to incorrect option name checks. An attacker can gain unauthorized...

7.6CVSS5.9AI score0.00142EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 4:9 p.m.11 views

CVE-2026-35586

The vulnerability CVE-2026-35586 affects pyload-ng and stems from an incorrect admin-only configuration guard: the ADMIN_ONLY_CORE_OPTIONS set uses ssl_cert and ssl_key instead of the actual ssl_certfile and ssl_keyfile names, and ssl_certchain was not included. This lets any non-admin user with ...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 4:9 p.m.3 views

CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 4:9 p.m.19 views

CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS0.00142EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/04 6:43 a.m.4 views

Incorrect Authorization

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization via the storagefolder configuration option, which allows a user with SETTINGS and ADD permissions to redirect downloads to the Flask...

8.8CVSS6.3AI score0.00529EPSS
Exploits2References3
Snyk
Snyk
added 2026/04/04 6:41 a.m.1 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the download function. An authenticated attacker with ADD permission can access internal network resources and sensitive...

9.6CVSS5.9AI score0.00397EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/27 11:24 p.m.4 views

Server-side Request Forgery (SSRF)

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the /api/addPackage endpoint. An attacker can access internal network services and exfiltrate sensitive cloud metadata b...

9.6CVSS6AI score0.00397EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/24 8:32 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...

9.8CVSS6.2AI score0.00422EPSS
Exploits1References2
Rows per page
Query Builder