Lucene search
K

537 matches found

Nuclei
Nuclei
added 8 hours ago133 views

pyload-ng js2py - Remote Code Execution

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. id: CVE-2024-28397 info: name: pyload-ng js2py - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: medium description: | An issue in the...

5.3CVSS7.1AI score0.04548EPSS
Exploits22References2
Nuclei
Nuclei
added 8 hours ago44 views

pyLoad Flask Config - Access Control

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77. id: CVE-2024-21644 info: name: pyLoad Flask Config ...

7.5CVSS7AI score0.42173EPSS
Exploits1References5
Nuclei
Nuclei
added 8 hours ago63 views

pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

5.3CVSS6.2AI score0.24513EPSS
Exploits1References3
OSV
OSV
added 6 days ago5 views

PYSEC-2026-495 pyLoad: SSRF filter bypass via HTTP redirect in BaseDownloader (Incomplete fix for CVE-2026-33992)

Summary The fix for CVE-2026-33992 GHSA-m74m-f7cr-432x added IP validation to BaseDownloader.download that checks the hostname of the initial download URL. However, pycurl is configured with FOLLOWLOCATION=1 and MAXREDIRS=10, causing it to automatically follow HTTP redirects. Redirect targets are...

9.3CVSS5.8AI score0.00397EPSS
Exploits2References7
OSV
OSV
added 6 days ago5 views

PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration

Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...

9.3CVSS6AI score0.00397EPSS
Exploits1References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-498 Code Injection in pyload-ng

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

9.8CVSS7.4AI score0.96988EPSS
Exploits13References7
OSV
OSV
added 6 days ago5 views

PYSEC-2026-494 Excessive Attack Surface in pyload-ng

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

9.8CVSS5.8AI score0.0072EPSS
Exploits1References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-499 pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS6.8AI score0.16513EPSS
Exploits22References7
OSV
OSV
added 6 days ago4 views

PYSEC-2026-493 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution RCE The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8CVSS6.6AI score0.01141EPSS
Exploits1References7
OSV
OSV
added 6 days ago6 views

PYSEC-2026-496 pyLoad vulnerable to XSS through insecure CAPTCHA

Summary An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in sessi...

9.8CVSS6.5AI score0.01144EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.83 views

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. id: CVE-2023-0297 info: name: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE author: MrHarshvardhan,DhiyaneshDk severity: critical description: | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

9.8CVSS7AI score0.96988EPSS
Exploits14References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-45306

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

6.5CVSS5.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42314

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...

6.5CVSS5.4AI score0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.9 views

CVE-2026-46561

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

5CVSS5.5AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.9 views

CVE-2026-40594

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS5.5AI score0.00171EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS5.5AI score0.00336EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-35586

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS5.4AI score0.00142EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

8.8CVSS7.4AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.7 views

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS5.5AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-42313

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS5.4AI score0.00396EPSS
Exploits1References1
Rows per page
Query Builder