CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

Relative Path Traversal

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Relative Path Traversal via the editpackage function when processing the packfolder parameter. An attacker can overwrite arbitrary files on the system by...

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad from 0.5.0b3.dev13 to 0.5.0b3.dev96 contain security vulnerabilities. These vulnerabilities stem from insufficient cleanup of the packfolder parameter in the editpackage function, which may lead to path traversal...

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...