CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

530 matches found

CVE•added 2024/10/28 12:0 a.m.•139 views

CVE-2024-39205

CVE-2024-39205 affects pyload-ng (v0.5.0b3.dev85 and earlier) on Python 3.11 or below, exposing remote code execution via the /flash/addcrypted2 API. The root cause is the js2py sandbox escape (CVE-2024-28397) leveraged to bypass localhost access and run arbitrary commands on the host. Public dis...

9.8CVSS8AI score0.16513EPSS

Exploits4References3

GithubExploit•added 2024/10/26 1:1 a.m.•205 views

Exploit for CVE-2024-39205

CVE-2024-39205-Pyload-RCE Pyload RCE with js2py sandbox escape...

9.8CVSS6.8AI score0.16513EPSS

Exploits22

PyPA•added 2024/10/25 11:15 p.m.•7 views

PYSEC-2024-302

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be...

9.1CVSS6.7AI score0.00679EPSS

Exploits1References1Affected Software1

NVD•added 2024/10/25 11:15 p.m.•11 views

CVE-2024-47821

9.1CVSS0.00679EPSS

Exploits1References1

OSV•added 2024/10/25 11:15 p.m.•5 views

PYSEC-2024-302

2.3CVSS6.7AI score0.00679EPSS

Exploits1References1

Vulnrichment•added 2024/10/25 10:48 p.m.•18 views

CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

9.1CVSS8.3AI score0.00679EPSS

Exploits1References1

Cvelist•added 2024/10/25 10:48 p.m.•23 views

CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

9.1CVSS0.00679EPSS

Exploits1References1

CVE•added 2024/10/25 10:48 p.m.•111 views

CVE-2024-47821

Summary (CVE-2024-47821) : pyLoad, a Python-based Download Manager, contains a flaw in the scripts folder execution. In affected versions prior to 0.5.0b3.dev87, an attacker who can modify the download folder to a path under /.pyload/scripts and trigger the /flashgot API can cause the server to d...

9.1CVSS9.6AI score0.00679EPSS

Exploits1References1Affected Software1

OSV•added 2024/10/25 10:48 p.m.•3 views

CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

9.1CVSS8.5AI score0.00679EPSS

Exploits1References3

CNNVD•added 2024/10/25 12:0 a.m.•3 views

pyLoad 操作系统命令注入漏洞

pyLoad is pyLoad open source a free open source download manager written in Python. An OS command injection vulnerability exists in pyLoad version 0.5.0, which stems from improper privilege handling and allows an attacker to remotely execute code by changing the download folder to the /scripts pa...

9.1CVSS7.6AI score0.00679EPSS

Exploits1References1

Positive Technologies•added 2024/10/25 12:0 a.m.•4 views

PT-2024-32833 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev87 Description: The vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. This is achieved by downloading an...

9.1CVSS7.7AI score0.00679EPSS

Exploits1References8

GithubExploit•added 2024/10/04 12:3 p.m.•264 views

Exploit for Code Injection in Pyload

CVE-2023-0297 RCE in pyload prior to 0.5.0...

9.8CVSS9.5AI score0.96988EPSS

Exploits13

OSV•added 2024/09/09 6:17 p.m.•36 views

GHSA-R9PP-R4XF-597R pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS5.8AI score0.16513EPSS

Exploits22References5

Github Security Blog•added 2024/09/09 6:17 p.m.•39 views

pyload-ng vulnerable to RCE with js2py sandbox escape

9.8CVSS7AI score0.16513EPSS

Exploits4References5Affected Software1

Positive Technologies•added 2024/09/09 12:0 a.m.•5 views

PT-2024-7641 · Python +2 · Python +2

Name of the Vulnerable Software and Affected Versions: pyload-ng version 0.5.0b3.dev85 pyload running under python3.11 or below Description: The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...

10CVSS6.3AI score0.16513EPSS

Exploits22References16

NVD•added 2024/04/26 6:15 p.m.•12 views

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

9.1CVSS9.4AI score0.01343EPSS

Exploits1References1

Vulnrichment•added 2024/04/26 5:30 p.m.•12 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

9.1CVSS7.5AI score0.01343EPSS

Exploits1References1

OSV•added 2024/04/26 5:30 p.m.•4 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

9.1CVSS8AI score0.01343EPSS

Exploits1References3

Cvelist•added 2024/04/26 5:30 p.m.•20 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

9.1CVSS9.6AI score0.01343EPSS

Exploits1References1

CNNVD•added 2024/04/26 12:0 a.m.•4 views

pyload 安全漏洞

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. pyload has a security vulnerability. An authenticated user could change the download folder and upload carefully crafted templates to a...

9.1CVSS7.9AI score0.01343EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by