8 matches found

Veracode
added 2025/07/23 6:22 a.m. | 4 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded filenames in the /json/upload endpoint, which allows an attacker to traverse directories and write arbitrary files to any location accessible to the pyLoad process...

CVSS 7.5 | AI score 6.3 | EPSS 0.00645
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2025/07/09 4:20 a.m. | 5 views

Access Control Bypass

pyloadng is vulnerable to Access Control Bypass. The vulnerability is due to improper enforcement of access control rules for localhost-restricted functionality, which allows unauthenticated attackers to bypass security checks and perform unauthorized actions such as creating arbitrary packages...

CVSS 8.7 | AI score 6.6 | EPSS 0.00315
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2024/11/05 12:53 p.m. | 14 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient restrictions on the /.pyload/scripts folder, allowing executable files to run automatically when certain actions, like completing a download, are triggered. Attackers can exploit this by downloading an...

CVSS 9.1 | AI score 7.3 | EPSS 0.00679
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2024/02/06 8:3 a.m. | 12 views

Open Redirect

pyloadng is vulnerable to Open Redirect. The vulnerability is due to the is_safe_url and get_redirect_url functions within helpers.py improperly validating redirect URLs, which allows an attacker to redirect users to arbitrary domains after login...

AI score 7.1
Exploits: 0

Veracode
added 2023/11/22 7:10 a.m. | 8 views

Path Traversal

pyloadng is vulnerable to Path Traversal. The vulnerability is due to the edit_package function in json_blueprint.py because it lacks the ability to filter some relative paths. This allows an attacker to upload a payload with ../ or ..\ as part of the pack_folder name. This can lead to directory...

CVSS 8.8 | AI score 7.5 | EPSS 0.01088
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/02/27 11:48 p.m. | 23 views

Insufficient Session Expiration

pyloadng is vulnerable to Insufficient Session Expiration. The vulnerability exists because a user session does not expire in another browser if an admin deletes a user, which allows an attacker to recreate the deleted users and perform unauthorized tasks...

CVSS 6.5 | AI score 6.1 | EPSS 0.00655
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2023/02/17 7:29 a.m. | 20 views

Improper Certificate Validation

pyloadng is vulnerable to Improper Certificate Validation. The vulnerability exists in http_request.py due to improper SSL certificate validation, which allows an attacker to intercept data over HTTPS connections...

CVSS 7.4 | AI score 7 | EPSS 0.00526
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2023/01/13 10:12 a.m. | 21 views

Information Disclosure

pyloadng is vulnerable to Information Disclosure. The absence of the secure attribute for sensitive cookies in HTTPS sessions allows a remote attacker to gain access to cookies in plaintext over an HTTP session...

CVSS 5.3 | AI score 5.6 | EPSS 0.00436
Exploits: 1 | References: 4 | Affected Software: 1