Lucene search

530 matches found

Circl
added 2025/08/09 10:45 p.m. · 2 views

CVE-2025-55156

| creationtimestamp | type | source |
|---|---|---|
| 2025-08-09 22:45:37+00:00 | published-proof-of-concept | https://github.com/pyload/pyload/security/advisories/GHSA-pwh4-6r3m-j2rf... |

8.8 CVSS · 5.8 AI score · 0.00212 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/07 12:31 a.m. · 11 views

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...

9.8 CVSS · 8.3 AI score · 0.02893 EPSS
Exploits: 1 · References: 1
NVD
added 2025/08/05 1:15 a.m. · 4 views

CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...

9.8 CVSS · 0.02893 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/08/05 12:6 a.m. · 2 views

CVE-2025-54802 pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...

9.8 CVSS · 8.3 AI score · 0.02893 EPSS
Exploits: 1 · References: 3
CVE
added 2025/08/05 12:6 a.m. · 22 views

CVE-2025-54802

CVE-2025-54802 concerns pyload-ng’s addcrypted endpoint, where a path-traversal via the package parameter enables arbitrary file writes outside the designated storage dir, potentially causing remote code execution as root. The vulnerability arises from unsafe path construction in the CNL Blueprin...

9.8 CVSS · 8.5 AI score · 0.02893 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2025/08/05 12:6 a.m. · 9 views

CVE-2025-54802 pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted...

9.8 CVSS · 0.02893 EPSS
Exploits: 1 · References: 3
CNNVD
added 2025/08/05 12:0 a.m. · 2 views

pyLoad Security Vulnerability

pyLoad is a free open source download manager written in Python by pyLoad Open Source. A security vulnerability exists in pyLoad 0.5.0b3.dev89 and earlier versions, which stems from a path traversal vulnerability that could lead to arbitrary file writes and remote code execution...

9.8 CVSS · 7.6 AI score · 0.02893 EPSS
Exploits: 1 · References: 4
OSV
added 2025/08/04 3:57 p.m. · 4 views

GHSA-48RP-JC79-2264 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary: Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8 CVSS · 8.2 AI score · 0.02893 EPSS
Exploits: 1 · References: 5
Github Security Blog
added 2025/08/04 3:57 p.m. · 11 views

pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary: Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8 CVSS · 9.2 AI score · 0.02893 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Snyk
added 2025/08/04 3:57 p.m. · 1 views

Directory Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the addcrypted endpoint when processing the package parameter. An attacker can achieve arbitrary file write and execute malicious co...

9.8 CVSS · 7.8 AI score · 0.02893 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/08/04 12:0 a.m. · 4 views

PT-2025-31885 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.5.0b3.dev89 and below. Description: pyLoad is a free and open-source Download Manager written in pure Python. A path traversal vulnerability exists in the pyLoad-ng CNL Blueprint via the package parameter, allowing arbitrary...

9.8 CVSS · 8.4 AI score · 0.02893 EPSS
Exploits: 1 · References: 12
Snyk
added 2025/08/01 6:32 a.m. · 2 views

Arbitrary Code Injection

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Arbitrary Code Injection in the CAPTCHA processing code, via the onCaptchaResult function. An attacker could execute arbitrary code in the client browser an...

9.8 CVSS · 8.1 AI score · 0.0107 EPSS
Exploits: 0 · References: 2
OSV
added 2025/07/30 1:18 p.m. · 2 views

GHSA-3WWM-HJV7-23R3 Pyload log Injection via API /json/add_package in add_name parameter

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API...

4.3 CVSS · 7.3 AI score
Exploits: 0 · References: 3
Snyk
added 2025/07/30 1:18 p.m. · 2 views

Arbitrary Code Injection

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the add_name parameter in the /json/add_package API endpoint. An attacker can inject arbitrary log entries b...

5.3 CVSS · 7.3 AI score
Exploits: 0 · References: 2
Github Security Blog
added 2025/07/30 1:18 p.m. · 7 views

Pyload log Injection via API /json/add_package in add_name parameter

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API...

7.3 AI score
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2025/07/30 12:0 a.m. · 2 views

PT-2025-32447 · Pypi · Pyload-Ng

Summary: A log injection vulnerability was identified in pyload in API /json/add_package. This vulnerability allows a user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when creating new package using API /json/ad...

4.3 CVSS · 7.4 AI score
Exploits: 0 · References: 4
RedhatCVE
added 2025/07/24 10:30 p.m. · 7 views

CVE-2025-54140

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

7.5 CVSS · 7.9 AI score · 0.01564 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/07/22 10:43 p.m. · 3 views

Directory Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Directory Traversal via the json/upload endpoint when the filename parameter is manipulated. An attacker can write arbitrary files to any location accessibl...

8.7 CVSS · 7.7 AI score · 0.01564 EPSS
Exploits: 0 · References: 2
NVD
added 2025/07/22 10:15 p.m. · 4 views

CVE-2025-54140

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

7.5 CVSS · 0.01564 EPSS
Exploits: 0 · References: 3
OSV
added 2025/07/22 9:34 p.m. · 6 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

7.5 CVSS · 7.1 AI score · 0.01564 EPSS
Exploits: 0 · References: 5