10 matches found
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
CVE-2026-33509
CVE-2026-33509 affects pyLoad (versions 0.4.0 up to
Improper Privilege Management
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Improper Privilege Management via the setconfigvalue function, which allows users with certain permissions to modify configuration options without adequate...
GHSA-R7MC-X6X7-CQXX pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
Summary The setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
Summary The setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...
PT-2026-26792
Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.4.0 through 0.5.0b3.dev96 Description: pyLoad, a free and open-source download manager written in Python, contains a flaw in the set config value API endpoint. Users with the non-admin SETTINGS permission can modify any...