VIR Vulnerability Intelligence Relay

Package impact

PIP / pyload-ng

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42312 medium 6.8 6.8 16d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … python
CVE-2026-42315 medium 6.5 6.5 16d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… python
CVE-2026-42314 medium 6.5 6.5 16d ago pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … python
CVE-2026-46561 medium 5.5 6d ago pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API python
CVE-2026-45306 medium 5.5 13d ago pyLoad Has Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory in pyLoad python
CVE-2026-44226 medium 5.3 5.3 16d ago PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI python