EUVD-2018-19381

Malware in sbrugna...

EUVD-2022-52062

Malicious code in bioql PyPI...

CVE-2025-55911

An issue Clip Bucket v.5.5.2 Build90 allows a remote attacker to execute arbitrary codes via the filedownloader.php and the file parameter...

CVE-2025-55911

An issue Clip Bucket v.5.5.2 Build90 allows a remote attacker to execute arbitrary codes via the filedownloader.php and the file parameter...

CVE-2025-55911

CVE-2025-55911 affects ClipBucket v5.5.2 Build#90. Multiple sources describe a vulnerability in actions/file_downloader.php where the file parameter enables a server-side request/command path that can lead to remote code execution. Exploitation could allow an authenticated user to trigger SSRF or...

ClipBucket 安全漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A security vulnerability exists in ClipBucket version v.5.5.2 Build90, which stems from improper handling of the file parameter in filedownloader.php, which could lead ...

CVE-2025-55911

An issue Clip Bucket v.5.5.2 Build90 allows a remote attacker to execute arbitrary codes via the filedownloader.php and the file parameter...

PT-2025-38406

Name of the Vulnerable Software and Affected Versions Clip Bucket version 5.5.2 Build90 Description An issue allows a remote attacker to execute arbitrary code via the file downloader.php file and the file parameter. Recommendations At the moment, there is no information about a newer version tha...

ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link: https://github.com/MacWarrior/clipbucket-v5 Version: 5.5.2 Build 90 Tested on: Ubun...

Malicious code in file_downloader_sakib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89b472882107a6f4f9aab1e84c4d4da6dc75509d335db53e6943f1d85a3618b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-9939

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory...

WordPress plugin WordPress File Upload 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress WordPress File Upload plugin <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php vulnerability

Unauthenticated Path Traversal to Arbitrary File Read in wfufiledownloader.php vulnerability discovered by abrahack in WordPress Plugin WordPress File Upload versions = 4.24.13...

PT-2025-1667

Name of the Vulnerable Software and Affected Versions WordPress File Upload plugin versions up to, and including, 4.24.15 Description The WordPress File Upload plugin is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion due to the lack of proper sanitization of...

yt-dlp File Downloader cookie leak

Impact During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in all versions of...

GHSA-V8MC-9377-RWJJ yt-dlp File Downloader cookie leak

Impact During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in all versions of...

CVE-2023-35934 yt-dlp File Downloader cookie leak

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...

CVE-2023-35934

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...

CVE-2023-35934 yt-dlp File Downloader cookie leak

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...

CVE-2023-35934 yt-dlp File Downloader cookie leak

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...