pyload — Vulnerabilities & Security Advisories (28)

All 28 CVE vulnerabilities found in pyload, with AI-generated Chinese analysis, references, and POCs.

Vendor: pyload

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-41133 | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | CWE-613 | 8.8 | High | 2026-04-21 |
| CVE-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | CWE-346 | 4.8 | Medium | 2026-04-21 |
| CVE-2026-40071 | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | CWE-863 | 5.4 | Medium | 2026-04-09 |
| CVE-2026-35592 | pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35586 | Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng | CWE-863 | 6.8 | Medium | 2026-04-07 |
| CVE-2026-35464 | pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution | CWE-502 | 7.5 | High | 2026-04-07 |
| CVE-2026-35463 | pyLoad has Improper Neutralization of Special Elements used in an OS Command | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35459 | pyLoad has SSRF fix bypass via HTTP redirect | CWE-918 | 4.6 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35187 | pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter | CWE-918 | 7.7 | High | 2026-04-06 |
| CVE-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration | CWE-918 | 7.7 | - | 2026-03-27 |
| CVE-2026-33511 | pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad | CWE-639 | 8.2 | - | 2026-03-24 |
| CVE-2026-33509 | pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration | CWE-269 | 7.5 | High | 2026-03-24 |
| CVE-2026-33314 | pyload-ng: Improper Authentication and Origin Validation Error | CWE-287 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-32808 | pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification | CWE-22 | 8.1 | High | 2026-03-20 |
| CVE-2026-29778 | pyLoad: Arbitrary File Write via Path Traversal in edit_package() | CWE-23 | 7.1 | High | 2026-03-07 |
| CVE-2025-61773 | pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters | CWE-74 | 8.1 | High | 2025-10-09 |
| CVE-2025-57751 | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs | CWE-400 | 6.5 (AI) | Medium (AI) | 2025-08-21 |
| CVE-2025-55156 | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter | CWE-89 | 9.1 (AI) | Critical (AI) | 2025-08-11 |
| CVE-2025-54802 | pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE) | CWE-22 | 9.8 | Critical | 2025-08-05 |
| CVE-2025-54140 | pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write | CWE-22 | 7.5 | High | 2025-07-22 |
| CVE-2025-53890 | pyLoad vulnerable to remote code execution through js2py onCaptchaResult | CWE-94 | 9.8 | Critical | 2025-07-14 |
| CVE-2025-7346 | pyLoad security vulnerability | CWE-281 | 6.2 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2024-47821 | pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API | CWE-78 | 9.1 | Critical | 2024-10-25 |
| CVE-2024-32880 | pyLoad allows upload to arbitrary folder lead to RCE | CWE-434 | 9.1 | Critical | 2024-04-26 |
| CVE-2024-24808 | pyLoad open redirect vulnerability due to improper validation of the is_safe_url function | CWE-601 | 4.7 | Medium | 2024-02-06 |
| CVE-2024-22416 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation | CWE-352 | 9.7 | Critical | 2024-01-17 |
| CVE-2024-21644 | pyLoad unauthenticated flask configuration leakage | CWE-284 | 7.5 | High | 2024-01-08 |
| CVE-2024-21645 | pyLoad Log Injection | CWE-74 | 5.3 | Medium | 2024-01-08 |

All 28 known CVE vulnerabilities affecting pyload with full Chinese analysis, references, and POCs where available.