Lucene search
K

5 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-499 pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS6.8AI score0.16513EPSS
Exploits22References7
Github Security Blog
Github Security Blog
added 2025/08/21 8:11 p.m.11 views

Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

8.7CVSS7.1AI score0.003EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/21 8:11 p.m.3 views

GHSA-9GJJ-6GJ7-C4WJ Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

8.7CVSS7.1AI score0.003EPSS
Exploits0References3
Metasploit
Metasploit
added 2024/11/15 6:53 p.m.2012 views

Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

CVE-2024-28397 is sandbox escape in js2py use exploit/linux/http/pyloadjs2pycve202439205 msf exploitpyloadjs2pycve202439205 show targets ...targets... msf exploitpyloadjs2pycve202439205 set TARGET msf exploitpyloadjs2pycve202439205 show options ...show and set options... msf...

9.8CVSS7.7AI score0.16513EPSS
Exploits22
Packet Storm
Packet Storm
added 2023/02/22 12:0 a.m.377 views

pyLoad js2py Python Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...

9.8CVSS9.6AI score0.95845EPSS
Exploits13
Rows per page
Query Builder