By weakness (CWE)
CWE-706: related vulnerabilities
CVEs classified under CWE-706. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-45306MEDIUM 6.5
pyLoad, a Python-based download manager, contains a directory traversal weakness that allows authenticated users to access other users' session files. An attacker with login credentials can manipulate the storage folder setting to point to a sensitive Flask session directory and then download session tokens belonging to other accounts. This could enable account takeover without requiring additional exploitation. The vulnerability exists because a prior security fix addressed some directory restrictions but overlooked the Flask session storage location.