Pyload

2 CVEs product


CVE-2024-21645 MEDIUM POC PATCH THREAT This Month

pyLoad is a free and open-source download manager written in pure Python. The vulnerability is rated medium severity (CVSS 5.3) and is remotely exploitable with low attack complexity and no authentication required. Public exploit code is available, and the EPSS exploitation probability is 71.3%.

Python Code Injection Pyload
NVD GitHub
CVSS 3.1: 5.3
EPSS: 71.3%
CVE-2024-21644 HIGH POC PATCH THREAT This Month

pyLoad download manager versions prior to 0.5.0b3.dev77 expose the Flask SECRET_KEY through an unauthenticated endpoint. Attackers can extract this key to forge session cookies, impersonate the administrator, and execute arbitrary code through pyLoad's plugin system.

Authentication Bypass Python Pyload
NVD GitHub
CVSS 3.1: 7.5
EPSS: 86.5%