5 matches found
CVE-2026-35459
pyLoad (Python download manager) is affected by an SSRF bypass in versions up to 0.5.0b3.dev96: the fix for CVE-2026-33992 added IP validation to BaseDownloader.download(), but pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, so redirects are automatically followed and not validat...
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
PYSEC-2026-121
pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...
EUVD-2023-0366
Malicious code in bioql PyPI...
PT-2023-16266 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev40
Description: The issue is related to improper input validation. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where...