4 matches found

OSV
added 3 days ago, 5 views

PYSEC-2026-495 pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)

Summary: The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

CVSS 9.3, AI score 5.8, EPSS 0.00397
Exploits: 2, References: 7

ATTACKERKB
added 2026/04/07 2:32 p.m., 2 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is only...

CVSS 8.8, AI score 6.2, EPSS 0.00815
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/04/04 6:41 a.m., 6 views

GHSA-7GVF-3W72-P2PG pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)

Summary: The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

CVSS 9.3, AI score 6, EPSS 0.00397
Exploits: 2, References: 5

BDU FSTEC
added 2024/11/07 12:0 a.m., 4 views

A vulnerability in the pyLoad file download software related to insufficient validation of input data, allowing an attacker to execute arbitrary code

A vulnerability in the pyLoad file download software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...

CVSS 10, AI score 8.1, EPSS 0.16513
Exploits: 4, References: 4, Affected Software: 1