PT-2023-16267 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev41 Description: The issue concerns an excessive attack surface in the GitHub repository pyload/pyload. Recommendations: For versions prior to 0.5.0b3.dev41, update to version 0.5.0b3.dev41 or later t...
PT-2023-16266 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev40 Description: The issue is related to improper input validation. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
CVE-2023-0434 Improper Input Validation in pyload/pyload
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...
CVE-2023-0435 Excessive Attack Surface in pyload/pyload
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
CVE-2023-0434 Improper Input Validation in pyload/pyload
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...
CVE-2023-0434 Improper Input Validation in pyload/pyload
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...
CVE-2023-0435 Excessive Attack Surface in pyload/pyload
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
PT-2023-8517 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev78 Description: The issue is related to a Cross-Site Request Forgery (CSRF) attack. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities. Any API...
GHSA-PF38-5P22-X6H6 Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
Code injection
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
CVE-2023-0297 Code Injection in pyload/pyload
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
CVE-2023-0297
PyLoad 0.5.0 pre-auth RCE (CVE-2023-0297) via code injection in js2py exposed by the flash/addcrypted2 endpoint. Exploitation is unauthenticated and can be triggered by sending crafted requests to /flash/addcrypted2, enabling remote code execution on affected systems. Multiple connected sources c...
pyload code injection vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A code injection vulnerability exists in pyload/pyload 0.5.0b3.dev31 and prior versions, which stems from an attacker being able to...
CVE-2023-0297 Code Injection in pyload/pyload
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
PT-2023-16152 · Pypi +1 · Js2Py +1
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev31 Description: The issue concerns a code injection vulnerability in the pyload/pyload GitHub repository. It allows for pre-authentication remote code execution (RCE) due to the integration of JavaScri...
CVE-2023-0297 Code Injection in pyload/pyload
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
GHSA-RV9X-WMW4-44QJ Pyload Insufficient Session Expiration vulnerability
Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...
Pyload Insufficient Session Expiration vulnerability
Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...