530 matches found

CNNVD
added 2026/03/24 12:0 a.m., 4 views

pyLoad Security Vulnerability

pyLoad is an open-source download manager written in Python. There were security vulnerabilities in versions of pyLoad from 0.4.20 to 0.5.0b3.dev97. These vulnerabilities stemmed from the local_check decorator in the ClickNLoad function, which could be bypassed through HTTP header tricks,...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00192
Exploits: 1, References: 1
Snyk
added 2026/03/20 9:50 p.m., 3 views

Improper Privilege Management

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Improper Privilege Management via the set_config_value function, which allows users with certain permissions to modify configuration options without adequate...

CVSS: 8.8, AI score: 6.4, EPSS: 0.00113
Exploits: 1, References: 2
Snyk
added 2026/03/20 4:39 a.m., 1 views

Directory Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal during the password verification of encrypted 7z archives with non-encrypted headers. An attacker can delete arbitrary files outside the...

CVSS: 8.1, AI score: 6.5, EPSS: 0.00211
Exploits: 1, References: 2
NVD
added 2026/03/20 2:16 a.m., 3 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...

CVSS: 8.1, EPSS: 0.00211
Exploits: 1, References: 1
EUVD
added 2026/03/20 1:45 a.m., 5 views

EUVD-2026-13435

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00211
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/20 1:45 a.m., 3 views

CVE-2026-32808

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00211
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/03/20 1:45 a.m., 7 views

CVE-2026-32808

pyLoad (Python) versions prior to 0.5.0b3.dev97 are vulnerable to a path traversal flaw during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers). The code derives an archive entry name from the 7z listing and uses it as a filesystem path without c...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00211
Exploits: 1, References: 1, Affected Software: 2
Cvelist
added 2026/03/20 1:45 a.m., 21 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...

CVSS: 8.1, EPSS: 0.00211
Exploits: 1, References: 1
Vulnrichment
added 2026/03/20 1:45 a.m., 2 views

CVE-2026-32808 pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing arbitrary file deletion outside of the extraction...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00211
Exploits: 1, References: 1
Positive Technologies
added 2026/03/20 12:0 a.m., 4 views

PT-2026-26508

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev97. Description: pyLoad, a free and open-source download manager written in Python, is affected by a path traversal issue. This occurs during password verification of specific encrypted 7z archives – those...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00211
Exploits: 1, References: 4
CNNVD
added 2026/03/20 12:0 a.m., 3 views

pyLoad Path Traversal Vulnerability

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained a path traversal vulnerability. This vulnerability stems from path traversal during password verification, which could lead to the deletion of any file...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00211
Exploits: 1, References: 1
Positive Technologies
added 2026/03/19 12:0 a.m., 2 views

PT-2026-26478

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev97. Description: A Host Header Spoofing issue in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVSS: 6.5, AI score: 6, EPSS: 0.00011
Exploits: 1, References: 4
RedhatCVE
added 2026/03/09 8:1 a.m., 2 views

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 1
Snyk
added 2026/03/07 6:45 p.m., 3 views

Relative Path Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Relative Path Traversal via the edit_package function when processing the pack_folder parameter. An attacker can overwrite arbitrary files on the system by...

CVSS: 7.1, AI score: 6, EPSS: 0.00022
Exploits: 1, References: 2
PyPA
added 2026/03/07 4:15 p.m., 7 views

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2026/03/07 4:15 p.m., 2 views

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 7.1, EPSS: 0.00022
Exploits: 1, References: 1
OSV
added 2026/03/07 4:15 p.m., 6 views

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 1
CVE
added 2026/03/07 3:28 p.m., 8 views

CVE-2026-29778

pyLoad: Arbitrary File Write via Path Traversal in edit_package() is confirmed. Affected range: 0.5.0b3.dev13–0.5.0b3.dev96; fix patched in 0.5.0b3.dev97. The issue stems from insufficient sanitization of pack_folder, relying on a single-pass "../" replacement, which can be bypassed by crafted re...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/03/07 3:28 p.m., 30 views

CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 7.1, EPSS: 0.00022
Exploits: 1, References: 1
Vulnrichment
added 2026/03/07 3:28 p.m., 3 views

CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS: 7.1, AI score: 5.7, EPSS: 0.00022
Exploits: 1, References: 1