
8 matches found

Veracode, added 2025/07/23 6:22 a.m., 3 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded filenames in the /json/upload endpoint, which allows an attacker to traverse directories and write arbitrary files to any location accessible to the pyLoad process...

CVSS 7.5, AI score 6.3, EPSS 0.01564
Exploits: 0, References: 5, Affected Software: 1

Veracode, added 2025/07/09 4:20 a.m., 3 views

Access Control Bypass

pyloadng is vulnerable to Access Control Bypass. The vulnerability is due to improper enforcement of access control rules for localhost-restricted functionality, which allows unauthenticated attackers to bypass security checks and perform unauthorized actions such as creating arbitrary packages...

CVSS 8.7, AI score 6.6, EPSS 0.00739
Exploits: 0, References: 5, Affected Software: 1

Veracode, added 2024/11/05 12:53 p.m., 13 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient restrictions on the /.pyload/scripts folder, allowing executable files to run automatically when certain actions, like completing a download, are triggered. Attackers can exploit this by downloading an...

CVSS 9.1, AI score 7.3, EPSS 0.01807
Exploits: 1, References: 3, Affected Software: 1

Veracode, added 2024/02/06 8:3 a.m., 11 views

Open Redirect

pyloadng is vulnerable to Open Redirect. The vulnerability is due to the issafeurl and getredirecturl functions within helpers.py improperly validating redirect URLs, which allows an attacker to redirect users to arbitrary domains after login...

AI score 7.1
Exploits: 0

Veracode, added 2023/11/22 7:10 a.m., 6 views

Path Traversal

pyloadng is vulnerable to Path Traversal. The vulnerability is due to the editpackage function in jsonblueprint.py because it lacks the ability to filter some relative paths. This allows an attacker to upload a payload with ../ or ..\ as part of the packfolder name. This can lead to directory...

CVSS 8.8, AI score 7.5, EPSS 0.00343
Exploits: 1, References: 4, Affected Software: 1

Veracode, added 2023/02/27 11:48 p.m., 22 views

Insufficient Session Expiration

pyloadng is vulnerable to Insufficient Session Expiration. The vulnerability exists because a user session does not expire in another browser if an admin deletes a user, which allows an attacker to recreate the deleted users and perform unauthorized tasks...

CVSS 6.5, AI score 6.1, EPSS 0.00078
Exploits: 1, References: 4, Affected Software: 1

Veracode, added 2023/02/17 7:29 a.m., 19 views

Improper Certificate Validation

pyloadng is vulnerable to Improper Certificate Validation. The vulnerability exists in httprequest.py due to improper SSL certificate validation, which allows an attacker to intercept data over HTTPS connections...

CVSS 7.4, AI score 7, EPSS 0.00143
Exploits: 1, References: 5, Affected Software: 1

Veracode, added 2023/01/13 10:12 a.m., 19 views

Information Disclosure

pyloadng is vulnerable to Information Disclosure. The absence of the secure attribute for sensitive cookies in HTTPS sessions allows a remote attacker to gain access to cookies in plaintext over an HTTP session...

CVSS 5.3, AI score 5.6, EPSS 0.00145
Exploits: 1, References: 4, Affected Software: 1