530 matches found

CVE
added 2025/07/22 9:34 p.m. · 22 views

CVE-2025-54140

Summary: pyLoad (v0.5.0b3.dev89 affected) exposes an authenticated path traversal via the /json/upload endpoint where the uploaded file’s name is not sanitized, enabling arbitrary file writes outside the intended directory. This can lead to Remote Code Execution, local privilege escalation, and s...

CVSS 7.5 · AI score 7.8 · EPSS 0.01564
Exploits 0 · References 3
Vulnrichment
added 2025/07/22 9:34 p.m. · 2 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · AI score 7 · EPSS 0.01564
Exploits 0 · References 3
Cvelist
added 2025/07/22 9:34 p.m. · 8 views

CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...

CVSS 7.5 · EPSS 0.01564
Exploits 0 · References 3
CNNVD
added 2025/07/22 12:00 a.m. · 2 views

pyLoad Path Traversal Vulnerability

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A path traversal vulnerability exists in pyLoad version 0.5.0b3.dev89, which stems from a path traversal in the /json/upload endpoint that could lead to arbitrary file writes...

CVSS 7.5 · AI score 6.6 · EPSS 0.01564
Exploits 0 · References 5
Github Security Blog
added 2025/07/21 9:16 p.m. · 9 views

`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write

Summary: An authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible ...

CVSS 7.5 · AI score 7.8 · EPSS 0.01564
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2025/07/21 12:00 a.m. · 2 views

PT-2025-30362 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90. Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...

CVSS 7.5 · AI score 7.1 · EPSS 0.01564
Exploits 0 · References 11
Veracode
added 2025/07/18 5:46 a.m. · 3 views

Arbitrary Code Injection

pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...

CVSS 9.8 · AI score 7.3 · EPSS 0.0107
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2025/07/17 12:50 a.m. · 6 views

CVE-2025-53890

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · AI score 9.1 · EPSS 0.0107
Exploits 0 · References 1
OSV
added 2025/07/15 3:38 p.m. · 3 views

GHSA-8W3F-4R8F-PF53 pyLoad vulnerable to XSS through insecure CAPTCHA

Summary: An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in sessi...

CVSS 9.8 · AI score 7.5 · EPSS 0.0107
Exploits 0 · References 5
Github Security Blog
added 2025/07/15 3:38 p.m. · 13 views

pyLoad vulnerable to XSS through insecure CAPTCHA

Summary: An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in sessi...

CVSS 9.8 · AI score 7.7 · EPSS 0.0107
Exploits 0 · References 5 · Affected Software 1
NVD
added 2025/07/15 12:15 a.m. · 6 views

CVE-2025-53890

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · EPSS 0.0107
Exploits 0 · References 3
Cvelist
added 2025/07/14 11:57 p.m. · 7 views

CVE-2025-53890 pyLoad vulnerable to remote code execution through js2py onCaptchaResult

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · EPSS 0.0107
Exploits 0 · References 3
OSV
added 2025/07/14 11:57 p.m. · 6 views

CVE-2025-53890 pyLoad vulnerable to remote code execution through js2py onCaptchaResult

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · AI score 8.5 · EPSS 0.0107
Exploits 0 · References 5
Vulnrichment
added 2025/07/14 11:57 p.m. · 2 views

CVE-2025-53890 pyLoad vulnerable to remote code execution through js2py onCaptchaResult

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...

CVSS 9.8 · AI score 8.2 · EPSS 0.0107
Exploits 0 · References 3
Positive Technologies
added 2025/07/14 12:00 a.m. · 4 views

PT-2025-29530 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload versions prior to 0.5.0b3.dev89. Description: pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to...

CVSS 9.8 · AI score 7.9 · EPSS 0.0107
Exploits 0 · References 16
CNNVD
added 2025/07/14 12:00 a.m. · 1 view

pyLoad Code Injection Vulnerability

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A code injection vulnerability exists in pyLoad that stems from an insecure JavaScript evaluation that could lead to remote code execution...

CVSS 9.8 · AI score 7.9 · EPSS 0.0107
Exploits 0 · References 2
Github Security Blog
added 2025/07/08 9:36 p.m. · 5 views

pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages

Summary: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Details: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Thi...

CVSS 8.7 · AI score 7.1 · EPSS 0.00739
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/07/08 9:36 p.m. · 4 views

GHSA-X698-5HJM-W2M5 pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages

Summary: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Details: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Thi...

CVSS 7.5 · AI score 6.2 · EPSS 0.00739
Exploits 0 · References 5
Snyk
added 2025/07/08 7:45 a.m. · 2 views

Improper Preservation of Permissions

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Improper Preservation of Permissions via the host header. An attacker can gain unauthorized access and create arbitrary packages by sending crafted requests...

CVSS 10 · AI score 7.2 · EPSS 0.00739
Exploits 0 · References 2
CNNVD
added 2025/07/08 12:00 a.m. · 2 views

pyLoad Security Vulnerability

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A security vulnerability exists in pyLoad that originates from an unauthenticated attacker being able to bypass the localhost limit to create arbitrary packages...

CVSS 8.7 · AI score 6.7 · EPSS 0.00739
Exploits 0 · References 1