1747 matches found
CVE-2025-7346
Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages...
GHSA-X698-5HJM-W2M5 pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
Summary: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Details: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. Thi...
GHSA-2WCM-VX67-3X4Q Duplicate Advisory: GHSA-x698-5hjm-w2m5
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x698-5hjm-w2m5. This link is maintained to preserve external references. Original Description: Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to creat...
pyLoad Security Vulnerability
pyLoad is a free and open source download manager written in Python by pyLoad Open Source. A security vulnerability exists in pyLoad that originates from an unauthenticated attacker being able to bypass the localhost limit to create arbitrary packages...
PT-2025-28355 · Pyload +1 · Pyload +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker can bypass the localhost restrictions imposed by the application, allowing them to create arbitrary packages. Recommendations: At the moment, there is no...
ABB Cylon Aspect 3.08.04 DeploySource Unauthenticated Remote Code Execution
ABB Cylon Aspect BMS/BAS version 3.08.04 is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
GHSA-WMJH-CPQJ-4V6X Gradio CORS Origin Validation Bypass Vulnerability
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. Th...
Origin Validation Error
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Origin Validation Error through the is_valid_origin function. An attacker can manipulate the origin validation by altering the localhost_aliases argumen...
CVE-2025-5320
CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...
PT-2025-23161 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app gradio versions up to 5.29.1. Description: A vulnerability has been found in the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to an origin validation error. It is...
Gradio Access Control Error Vulnerability
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. An access control error vulnerability exists in Gradio versions 5.29.1 and earlier, which stems from an incorrect validation of the localhostalias...
CVE-2024-23639
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2024-10372
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function downloadmodel of the file buzz/modelloader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...