Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/23 4:13 p.m.9 views

EUVD-2026-38497

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS5.8AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 4:13 p.m.20 views

CVE-2026-50019

CVE-2026-50019 affects yt-dlp when curl is used as an external downloader. The root cause is that cookies may be leaked to unintended hosts during HTTP redirects or when download fragments’ host differs from the manifest, because cookies sent via --cookie are not activated unless loaded from a fi...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 4:13 p.m.2 views

CVE-2026-50019 yt-dlp: File Downloader cookie leak with curl

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS5.9AI score0.00268EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 8:16 p.m.12 views

yt-dlp: File Downloader cookie leak with curl

Summary If curl is used an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. This is the equivalent to GHSA-v8mc-9377-rwjj for the curl downloader. The vulnerable behavior is...

7.4CVSS5.3AI score0.00268EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.6AI score0.02414EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2022/06/15 7:0 a.m.5 views

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.

...

5.3CVSS6.5AI score0.02414EPSS
Exploits1
Rows per page
Query Builder