530 matches found
CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.5.0b3.dev13 to 0.5.0b3.dev96 contain security vulnerabilities. These vulnerabilities stem from insufficient cleanup of the packfolder parameter in the editpackage function, which may lead to path traversal...
GHSA-6PX9-J4QR-XFJW pyLoad has an Arbitrary File Write via Path Traversal in edit_package()
The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...
pyLoad has an Arbitrary File Write via Path Traversal in edit_package()
The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2025-61773
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-61773
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-61773
pyLoad (pre-0.5.0b3.dev91) web UI input validation is insufficient in the Captcha script endpoint and the Click'N'Load (CNL) blueprint, allowing untrusted input to be processed unsafely and enabling client-side code execution (XSS) or other unintended behavior. A patch exists in version 0.5.0b3.d...
CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
CVE-2025-61773 pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
EUVD-2025-33353
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed...
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
GHSA-CJJF-27CC-PVMV pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
Summary pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load CNL Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or...
Cross-site Scripting (XSS)
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized parameters in the cnlblueprint.py. An attacker can execute arbitrary JavaScript code in the context of a user's...
PT-2025-41449
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev91 Description pyLoad is a free and open-source download manager written in Python. Versions prior to 0.5.0b3.dev91 have insufficient input validation in the web interface, specifically in the Captcha script...
pyLoad 安全漏洞
pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A security vulnerability exists in pyLoad versions prior to 0.5.0b3.dev91, which stems from insufficient input validation in the Captcha script endpoint and Click N Load Blueprint, and could lead to...
CVE-2025-61773
creationtimestamp| type| source ---|---|--- 2025-10-08 23:26:16+00:00| published-proof-of-concept| https://github.com/pyload/pyload/security/advisories/GHSA-cjjf-27cc-pvmv...
EUVD-2024-3149
Malicious code in bioql PyPI...
EUVD-2023-0366
Malicious code in bioql PyPI...