Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/08/21 8:11 p.m.9 views

Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

8.7CVSS7.1AI score0.003EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/08/21 6:49 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the jk parameter in the CNL Blueprint process. An attacker can cause the server CPU to become fully...

8.7CVSS7AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2025/08/21 6:27 p.m.7 views

CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

8.7CVSS6.9AI score0.003EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/05 12:6 a.m.12 views

CVE-2025-54802 pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution RCE. The addcrypted...

9.8CVSS0.01191EPSS
Exploits1References3
CVE
CVE
added 2025/08/05 12:6 a.m.26 views

CVE-2025-54802

CVE-2025-54802 concerns pyload-ng’s addcrypted endpoint, where a path-traversal via the package parameter enables arbitrary file writes outside the designated storage dir, potentially causing remote code execution as root. The vulnerability arises from unsafe path construction in the CNL Blueprin...

9.8CVSS8.5AI score0.01191EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder