Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.23 views

EUVD-2025-24185

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00303EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/02 6:57 a.m.4 views

SQL Injection

pyloadng is vulnerable to SQL Injection. The vulnerability is due to improper handling of the addlinks parameter in the /json/addpackage API, which allows an attacker to modify or delete database data leading to errors or loss...

8.8CVSS7.6AI score0.00303EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/12 12:13 a.m.16 views

GHSA-PWH4-6R3M-J2RF PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

8.8CVSS8.2AI score0.00303EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/12 12:13 a.m.9 views

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

8.8CVSS8.2AI score0.00303EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/08/11 11:15 p.m.36 views

CVE-2025-55156

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

8.8CVSS0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/11 10:21 p.m.1 views

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/11 10:21 p.m.29 views

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

8.8CVSS0.00303EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 10:21 p.m.3 views

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

8.8CVSS7.2AI score0.00303EPSS
Exploits0References5
CVE
CVE
added 2025/08/11 10:21 p.m.29 views

CVE-2025-55156

PyLoad (the Python-based download manager) contains a SQL Injection in the add_links parameter of the /json/add_package API. The issue allows attackers to modify or delete data in the database, causing data errors or loss. A patch was released in version 0.5.0b3.dev91; upgrading to this version (...

8.8CVSS7.7AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder