3 matches found
CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs, resulting in the server CPU being fully occupi...
CVE-2025-54802 pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)
pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution RCE. The addcrypted...
CVE-2025-54802
CVE-2025-54802 concerns pyload-ng’s addcrypted endpoint, where a path-traversal via the package parameter enables arbitrary file writes outside the designated storage dir, potentially causing remote code execution as root. The vulnerability arises from unsafe path construction in the CNL Blueprin...