Pyload

Pyload

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-33314

Exploit
  • EPSS 0.01%
  • Veröffentlicht 24.03.2026 18:52:28
  • Zuletzt bearbeitet 26.03.2026 12:01:09

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This ...

8.1

CVE-2026-32808

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.03.2026 02:16:34
  • Zuletzt bearbeitet 26.03.2026 18:36:48

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing ar...

6.5

CVE-2026-29778

Exploit
  • EPSS 0.02%
  • Veröffentlicht 07.03.2026 15:28:36
  • Zuletzt bearbeitet 11.03.2026 22:09:15

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a singl...

8.1

CVE-2025-61773

  • EPSS 0.04%
  • Veröffentlicht 09.10.2025 20:49:53
  • Zuletzt bearbeitet 15.04.2026 00:35:42

pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw ...

7.7

CVE-2025-57751

  • EPSS 0.07%
  • Veröffentlicht 21.08.2025 18:27:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(...

7.8

CVE-2025-55156

  • EPSS 0.03%
  • Veröffentlicht 11.08.2025 22:21:52
  • Zuletzt bearbeitet 15.04.2026 00:35:42

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing ...

9.8

CVE-2025-54802

Exploit
  • EPSS 1.21%
  • Veröffentlicht 05.08.2025 00:06:48
  • Zuletzt bearbeitet 09.10.2025 17:32:39

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to...

7.5

CVE-2025-54140

  • EPSS 0.59%
  • Veröffentlicht 22.07.2025 21:34:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an atta...

9.8

CVE-2025-53890

  • EPSS 0.64%
  • Veröffentlicht 15.07.2025 00:15:24
  • Zuletzt bearbeitet 15.04.2026 00:35:42

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentiall...

8.7

CVE-2025-7346

  • EPSS 0.34%
  • Veröffentlicht 08.07.2025 07:05:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages