Lucene search
K

4 matches found

Veracode
Veracode
added 2025/08/13 7:21 a.m.5 views

Log Injection

pyload-ng is vulnerable to Log Injection. The vulnerability is due to improper input sanitization due to failure to filter user-supplied data in the /json/addpackage API, allowing attackers with package addition permissions to inject arbitrary messages into application logs...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/08/12 12:13 a.m.9 views

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

8.8CVSS8.2AI score0.00303EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/12 12:13 a.m.34 views

GHSA-PWH4-6R3M-J2RF PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...

8.8CVSS8.2AI score0.00303EPSS
Exploits0References5
Snyk
Snyk
added 2025/07/30 1:18 p.m.2 views

Arbitrary Code Injection

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the addname parameter in the /json/addpackage API endpoint. An attacker can inject arbitrary log entries b...

5.3CVSS7.3AI score
Exploits0References2
Rows per page
Query Builder