Pyload-ng Project

Pyload-ng

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-33511

Exploit
  • EPSS 0.42%
  • Veröffentlicht 24.03.2026 18:56:08
  • Zuletzt bearbeitet 26.03.2026 20:29:49

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local_check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofin...

8.8

CVE-2026-33509

Exploit
  • EPSS 0.53%
  • Veröffentlicht 24.03.2026 18:55:37
  • Zuletzt bearbeitet 26.03.2026 20:47:02

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option withou...

6.5

CVE-2026-33314

Exploit
  • EPSS 0.18%
  • Veröffentlicht 24.03.2026 18:52:28
  • Zuletzt bearbeitet 26.03.2026 12:01:09

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @local_check decorator allows unauthenticated external attackers to bypass local-only restrictions. This ...

8.1

CVE-2026-32808

Exploit
  • EPSS 0.33%
  • Veröffentlicht 20.03.2026 02:16:34
  • Zuletzt bearbeitet 26.03.2026 18:36:48

pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encrypted files with non-encrypted headers), causing ar...

6.5

CVE-2026-29778

Exploit
  • EPSS 0.52%
  • Veröffentlicht 07.03.2026 15:28:36
  • Zuletzt bearbeitet 11.03.2026 22:09:15

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a singl...

9.8

CVE-2025-54802

Exploit
  • EPSS 1.14%
  • Veröffentlicht 05.08.2025 00:06:48
  • Zuletzt bearbeitet 09.10.2025 17:32:39

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to...

9.8

CVE-2024-39205

  • EPSS 16.51%
  • Veröffentlicht 28.10.2024 20:15:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.

8.8

CVE-2024-22416

Exploit
  • EPSS 0.95%
  • Veröffentlicht 18.01.2024 00:15:38
  • Zuletzt bearbeitet 21.11.2024 08:56:14

pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possib...

7.4

CVE-2023-0509

Exploit
  • EPSS 0.53%
  • Veröffentlicht 26.01.2023 22:15:26
  • Zuletzt bearbeitet 21.11.2024 07:37:18

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.

5.4

CVE-2023-0488

Exploit
  • EPSS 0.82%
  • Veröffentlicht 26.01.2023 22:15:26
  • Zuletzt bearbeitet 21.11.2024 07:37:16

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.