530 matches found
EUVD-2026-32957
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...
CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...
CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...
CVE-2026-45348
CVE-2026-45348 affects pyLoad before version 0.5.0b3.dev100, where an unsanitized link URL interpolated in a template literal within packages.js allows stored XSS in the Downloads view. Attack surface: authenticated operators can submit a package link that injects HTML/JS, which gets rendered via...
CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...
CVE-2026-46561
CVE-2026-46561 concerns pyLoad/pyload-ng SSRF via the parse_urls API. The vulnerability arises because HTTPRequest uses allow_private_ip = True by default, allowing redirects to private IPs to be followed after initial URL validation passes is_global_host. The parse_urls flow validates the initia...
CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...
EUVD-2026-32956
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of private IP checks based on PREREQFUNCTION being applied to HTTPRequests. Attackers could bypass the isglobalho...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for the Flask session directory during the patching of CVE-2026-33509. Authorized attackers could s...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the packages.js template, which interpolated the stored link URLs into the template literals within HTML tags with single...
CVE-2026-46561
creationtimestamp| type| source ---|---|--- 2026-05-15 08:09:37+00:00| published-proof-of-concept| https://github.com/pyload/pyload/security/advisories/GHSA-8rp3-xc6w-5qp5...
pyLoad Has Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory in pyLoad
Summary The fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to the session directory and download session files of other users via /files/get/, leadi...
GHSA-W727-595X-PC3R pyLoad Has Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory in pyLoad
Summary The fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to the session directory and download session files of other users via /files/get/, leadi...
PT-2026-40426
Name of the Vulnerable Software and Affected Versions pyLoad affected versions not specified Description An authenticated attacker with administrative privileges can achieve account takeover by stealing session files of other users. The issue arises because the software fails to block the storage...
CVE-2026-44226
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...
PYSEC-2026-128
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...
PYSEC-2026-128
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...
CVE-2026-42314
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...
PYSEC-2026-129
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...