pyload
Consumer Software | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting pyload.
- CVE-2026-45306 | pyLoad: Incomplete Fix for CVE-2026-33509 - storage_folder Bypass via Session Directory | 6.5
- CVE-2026-45348 | pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal | 8.7
- CVE-2026-46561 | pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API | 5.0
- CVE-2026-44226 | pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI | 5.3
- CVE-2026-42315 | pyLoad: Path Traversal via Package Folder Name in set_package_data | 8.1
- CVE-2026-42314 | pyLoad: Path Traversal via Package Folder Name | 6.5
- CVE-2026-42312 | pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification | 6.8
- CVE-2026-42313 | pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy | 8.3
- CVE-2026-41133 | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | 8.8
- CVE-2026-40594 | pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition) | 4.8
- CVE-2026-40071 | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | 5.4
- CVE-2026-35592 | pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass | 5.3
- CVE-2026-35586 | Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng | 6.8
- CVE-2026-35464 | pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution | 7.5
- CVE-2026-35463 | pyLoad has Improper Neutralization of Special Elements used in an OS Command | 8.8