| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41133 | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | pyload | pyload | High | 8.8 | 2026-04-21 23:41:06 | Deep Dive |
| CVE-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | pyload | pyload | Medium | 4.8 | 2026-04-21 17:14:04 | Deep Dive |
| CVE-2026-40071 | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | pyload | pyload | Medium | 5.4 | 2026-04-09 17:36:25 | Deep Dive |
| CVE-2026-35592 | pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass | pyload | pyload | Medium | 5.3 | 2026-04-07 16:11:38 | Deep Dive |
| CVE-2026-35586 | Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng | pyload | pyload | Medium | 6.8 | 2026-04-07 16:09:12 | Deep Dive |
| CVE-2026-35464 | pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution | pyload | pyload | High | 7.5 | 2026-04-07 14:38:02 | Deep Dive |
| CVE-2026-35463 | pyLoad has Improper Neutralization of Special Elements used in an OS Command | pyload | pyload | High | 8.8 | 2026-04-07 14:32:44 | Deep Dive |
| CVE-2026-35459 | pyLoad has SSRF fix bypass via HTTP redirect | pyload | pyload | - | - | 2026-04-06 19:37:01 | Deep Dive |
| CVE-2026-35187 | pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter | pyload | pyload | High | 7.7 | 2026-04-06 19:33:07 | Deep Dive |
| CVE-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration | pyload | pyload | High | - | 2026-03-27 22:12:40 | Deep Dive |
| CVE-2026-33511 | pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad | pyload | pyload | Medium | - | 2026-03-24 18:56:09 | Deep Dive |
| CVE-2026-33509 | pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration | pyload | pyload | High | 7.5 | 2026-03-24 18:55:37 | Deep Dive |
| CVE-2026-33314 | pyload-ng: Improper Authentication and Origin Validation Error | pyload | pyload | Medium | 6.5 | 2026-03-24 18:52:29 | Deep Dive |
| CVE-2026-32808 | pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification | pyload | pyload | High | 8.1 | 2026-03-20 01:45:07 | Deep Dive |
| CVE-2026-29778 | pyLoad: Arbitrary File Write via Path Traversal in edit_package() | pyload | pyload | High | 7.1 | 2026-03-07 15:28:37 | Deep Dive |
| CVE-2025-61773 | pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters | pyload | pyload | High | 8.1 | 2025-10-09 20:49:54 | Deep Dive |
| CVE-2025-57751 | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs | pyload | pyload | - | - | 2025-08-21 18:27:05 | Deep Dive |
| CVE-2025-55156 | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter | pyload | pyload | - | - | 2025-08-11 22:21:52 | Deep Dive |
| CVE-2025-54802 | pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE) | pyload | pyload | Critical | 9.8 | 2025-08-05 00:06:49 | Deep Dive |
| CVE-2025-54140 | pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write | pyload | pyload | High | 7.5 | 2025-07-22 21:34:31 | Deep Dive |