CVE-2026-35187
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated...
CVE-2026-35187
CVE-2026-35187 affects pyload/pyload-ng prior to 0.5.0b3.dev97, where parse_urls(...) calls get_url(url) without URL validation, protocol restriction, or IP blacklist. This enables Server-Side Request Forgery (SSRF) via crafted URLs and multi‑protocol support (http/https, file://, gopher://, dict...
PT-2026-30319
Vulnerability Details. CWE-918: Server-Side Request Forgery (SSRF). The parse_urls API function in src/pyload/core/api/__init__.py (line 556) fetches arbitrary URLs server-side via get_url(url) (pycurl) without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permissi...
SUSE CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...
curl: Integer overflows in unescape_word()
Summary: A similar issue to CVE-2019-5435. Steps To Reproduce: analysis: DICT protocol can use one url like "dict://localhost:3306", and function unescape_word is used to deal with the character in url like this comment: /* According to RFC2229 section 2.2, these letters need to be escaped with...
dict-info NSE Script
Connects to a dictionary server using the DICT protocol, runs the SHOW SERVER command, and displays the result. The DICT protocol is defined in RFC 2229 and is a protocol which allows a client to query a dictionary server for definitions from a set of natural language dictionary databases. The SH...