6 matches found
EUVD-2025-21406
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Arbitrary Code Injection in the CAPTCHA processing code, via the onCaptchaResult function. An attacker could execute arbitrary code in the client browser an...
Arbitrary Code Injection
pyLoad-ng is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe JavaScript evaluation caused by insecure CAPTCHA processing logic that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially on the backend server...
CVE-2025-53890
pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...
CVE-2025-53890 pyLoad vulnerable to remote code execution through js2py onCaptchaResult
pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...
CVE-2025-53890
pyload-ng/pyload contains an unsafe JavaScript evaluation vulnerability in the CAPTCHA processing code that allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation does not require user interaction, and can lead to s...