Vulnerabilities in Pyload
45 results

CVE | Severity | Title | EPSS
CVE-2023-0055 | LOW | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload/pyload | EPSS 0.4%
CVE-2026-33511 | HIGH | pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad | EPSS 0.4%
CVE-2026-33992 | CRITICAL | pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration | EPSS 0.4%
CVE-2026-42313 | HIGH | pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy | EPSS 0.4%
CVE-2026-42315 | HIGH | pyLoad: Path Traversal via Package Folder Name in set_package_data | EPSS 0.4%
CVE-2025-61773 | HIGH | pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters | EPSS 0.4%
CVE-2026-42314 | MEDIUM | pyLoad: Path Traversal via Package Folder Name | EPSS 0.3%
CVE-2026-44226 | MEDIUM | pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI | EPSS 0.3%
CVE-2026-32808 | HIGH | pyLoad: Arbitrary File Deletion via Path Traversal during Encrypted 7z Password Verification | EPSS 0.3%
CVE-2026-41133 | HIGH | pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) | EPSS 0.3%
CVE-2024-1240 | MEDIUM | Open Redirection in pyload/pyload | EPSS 0.3%
CVE-2025-7346 | HIGH | Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages | EPSS 0.3%
CVE-2025-55156 | HIGH | PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter | EPSS 0.3%
CVE-2025-57751 | HIGH | Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs | EPSS 0.3%
CVE-2026-35459 | CRITICAL | pyLoad has SSRF fix bypass via HTTP redirect | EPSS 0.3%
CVE-2026-35187 | HIGH | pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter | EPSS 0.3%
CVE-2026-35592 | MEDIUM | pyLoad has an Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass | EPSS 0.3%
CVE-2026-45306 | MEDIUM | pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory | EPSS 0.2%
CVE-2026-40071 | MEDIUM | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | EPSS 0.2%
CVE-2026-45348 | HIGH | pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal | EPSS 0.2%