pyload — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting pyload. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41133 | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | pyload | CWE-613 | 8.8 | High | 2026-04-21 |
| CVE-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | pyload | CWE-346 | 4.8 | Medium | 2026-04-21 |
| CVE-2026-40071 | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | pyload | CWE-863 | 5.4 | Medium | 2026-04-09 |
| CVE-2026-35592 | pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass | pyload | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35586 | Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng | pyload | CWE-863 | 6.8 | Medium | 2026-04-07 |
| CVE-2026-35464 | pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution | pyload | CWE-502 | 7.5 | High | 2026-04-07 |
| CVE-2026-35463 | pyLoad has Improper Neutralization of Special Elements used in an OS Command | pyload | CWE-78 | 8.8 | High | 2026-04-07 |
| CVE-2026-35459 | pyLoad has SSRF fix bypass via HTTP redirect | pyload | CWE-918 | 4.6 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35187 | pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter | pyload | CWE-918 | 7.7 | High | 2026-04-06 |
| CVE-2026-33992 | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration | pyload | CWE-918 | 7.7 | - | 2026-03-27 |
| CVE-2026-33511 | pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad | pyload | CWE-639 | 8.2 | - | 2026-03-24 |
| CVE-2026-33509 | pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration | pyload | CWE-269 | 7.5 | High | 2026-03-24 |
| CVE-2026-33314 | pyload-ng: Improper Authentication and Origin Validation Error | pyload | CWE-287 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-32808 | pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification | pyload | CWE-22 | 8.1 | High | 2026-03-20 |
| CVE-2026-29778 | pyLoad: Arbitrary File Write via Path Traversal in edit_package() | pyload | CWE-23 | 7.1 | High | 2026-03-07 |
| CVE-2025-61773 | pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters | pyload | CWE-74 | 8.1 | High | 2025-10-09 |
| CVE-2025-57751 | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs | pyload | CWE-400 | 6.5 (AI) | Medium (AI) | 2025-08-21 |
| CVE-2025-55156 | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter | pyload | CWE-89 | 9.1 (AI) | Critical (AI) | 2025-08-11 |
| CVE-2025-54802 | pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE) | pyload | CWE-22 | 9.8 | Critical | 2025-08-05 |
| CVE-2025-54140 | pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write | pyload | CWE-22 | 7.5 | High | 2025-07-22 |
| CVE-2025-53890 | pyLoad vulnerable to remote code execution through js2py onCaptchaResult | pyload | CWE-94 | 9.8 | Critical | 2025-07-14 |
| CVE-2025-7346 | pyLoad security vulnerability | Pyload | CWE-281 | 6.2 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2024-1240 | Open Redirection in pyload/pyload | pyload/pyload | CWE-601 | 6.1 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-47821 | pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API | pyload | CWE-78 | 9.1 | Critical | 2024-10-25 |
| CVE-2024-32880 | pyLoad allows upload to arbitrary folder lead to RCE | pyload | CWE-434 | 9.1 | Critical | 2024-04-26 |
| CVE-2024-24808 | pyLoad open redirect vulnerability due to improper validation of the is_safe_url function | pyload | CWE-601 | 4.7 | Medium | 2024-02-06 |
| CVE-2024-22416 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation | pyload | CWE-352 | 9.7 | Critical | 2024-01-17 |
| CVE-2024-21644 | pyLoad unauthenticated flask configuration leakage | pyload | CWE-284 | 7.5 | High | 2024-01-08 |
| CVE-2024-21645 | pyLoad Log Injection | pyload | CWE-74 | 5.3 | Medium | 2024-01-08 |
| CVE-2023-0509 | Improper Certificate Validation in pyload/pyload | pyload/pyload | CWE-295 | 7.4 | - | 2023-01-26 |

This page lists every published CVE security advisory associated with pyload. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.