57 matches found
CVE-2026-33735
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33890
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
EUVD-2026-16521
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
EUVD-2026-16519
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...
CVE-2026-33735
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735
MyTube is affected by an authorization bypass in the /api/settings/import-database endpoint (and related POST routes) that lets low-privilege attackers upload and replace the application’s SQLite database, enabling full compromise. The issue precedes version 1.8.69, which contains the fix. Impact...
CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
MyTube 安全漏洞
MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.72 contained security vulnerabilities. These vulnerabilities allowed unverified attackers to lock out admin and guest accounts due to login failures, potentially leading to denial-of-servic...
MyTube 安全漏洞
MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.71 contained security vulnerabilities. These vulnerabilities allowed unverified attackers to register arbitrary secret keys and then use them for authentication, thereby gaining full...
MyTube 安全漏洞
MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.69 contained a security vulnerability. This vulnerability stemmed from the/api/settings/import-database endpoint’s authorization bypass, which could allow low-privilege attackers to upload...
PT-2026-28567
Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.72 Description MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based...
PT-2026-28518
Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.69 Description MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass exists in the /api/settings/import-database API endpoint. This bypass allows...
PT-2026-28555
Name of the Vulnerable Software and Affected Versions MyTube versions prior to 1.8.71 Description MyTube is a self-hosted downloader and player for several video websites. Before version 1.8.71, an unauthenticated attacker could register an arbitrary passkey and subsequently authenticate with it ...
CVE-2026-24139
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...
MyTube security vulnerability
MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained a security vulnerability, which stemmed from improper permission verification at the database export endpoint. This vulnerability could allow low-privilege users to access...
MyTube security vulnerability
MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained security vulnerabilities, which stemmed from insufficient input validation in the settings management function. These vulnerabilities could lead to large-scale distribution...