CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

pyLoad is an open-source download manager written in Python. By default, pyLoad is configured with a default username and password allowing any attacker to log in to the application and have full access to its functionality. An attacker can leverage this vulnerability to perform further attacks...

7AI score

Exploits0References2

Tenable Nessus•added 2025/10/03 12:0 a.m.•3 views

pyLoad < 0.5.0b3.dev76 Improper Access Control

pyLoad version prior to 0.5.0b3.dev76 is affected by an Improper Access Control vulnerability. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. An attacker can leverage this vulnerability to perform further attacks against the...

7.5CVSS7.5AI score0.42173EPSS

Exploits1References2

GithubExploit•added 2025/09/06 11:39 a.m.•247 views

Exploit for CVE-2024-28397

🚨 Remote Code Execution – CVE-2024-28397 pyload-ng / js2py...

5.3CVSS7.6AI score0.04548EPSS

Exploits22

RedhatCVE•added 2025/08/23 6:36 p.m.•3 views

CVE-2025-57751

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...

8.7CVSS6.2AI score0.003EPSS

Exploits0References1

OSV•added 2025/08/21 8:11 p.m.•2 views

GHSA-9GJJ-6GJ7-C4WJ Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

8.7CVSS7.1AI score0.003EPSS

Exploits0References3