EUVD-2026-33915

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

GHSA-9GJJ-6GJ7-C4WJ Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

PT-2025-34274 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev92 Description: The jk parameter in the pyLoad CNL Blueprint lacks proper verification. This allows a user-supplied jk parameter to be directly passed to dykpy.evaljs, leading to full server CPU utilization...

CVE-2025-54802

CVE-2025-54802 concerns pyload-ng’s addcrypted endpoint, where a path-traversal via the package parameter enables arbitrary file writes outside the designated storage dir, potentially causing remote code execution as root. The vulnerability arises from unsafe path construction in the CNL Blueprin...