Lucene search
+L

128 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can writ...

8.8CVSS6.2AI score0.0064EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11196-1 python313-yt-dlp-2026.07.04-1.1 on GA media

These are all security issues fixed in the python313-yt-dlp-2026.07.04-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS5.9AI score0.0064EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 8:10 a.m.2 views

OPENSUSE-SU-2026:21163-1 Security update for yt-dlp

This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to version 2026.06.09 Fixed CVE-2026-50019: File Downloader cookie leak with curl Fixed CVE-2026-50023: Dangerous file type creation via insufficient filename sanitization Fixed CVE-2026-50574: Arbitrary code execution...

9.6CVSS6.2AI score0.00555EPSS
Exploits1References3
Fedora
Fedora
added 2026/06/24 1:33 a.m.7 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.06.09-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

9.6CVSS5.8AI score0.00555EPSS
Exploits1
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS0.00555EPSS
Exploits1References4
OSV
OSV
added 2026/06/23 5:17 p.m.4 views

UBUNTU-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 4:9 p.m.3 views

CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

8.3CVSS6.6AI score0.00406EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: yt-dlp-2026.06.09-1.fc44

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

9.6CVSS5.8AI score0.00555EPSS
Exploits1
Snyk
Snyk
added 2026/06/16 8:16 p.m.8 views

Reliance on Cookies without Validation and Integrity Checking

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking via curl. An attacker can obtain sensitive cookie information by crafting a malicious website that embeds ...

7.4CVSS5.9AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 2:16 p.m.18 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/04 1:22 p.m.38 views

CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.53 views

PT-2026-46196

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References6
Fedora
Fedora
added 2026/03/05 5:6 p.m.11 views

[SECURITY] Fedora 44 Update: yt-dlp-2026.02.21-1.fc44

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS
Exploits2
Fedora
Fedora
added 2026/03/05 1:13 a.m.8 views

[SECURITY] Fedora 42 Update: yt-dlp-2026.02.21-1.fc42

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS
Exploits2
Fedora
Fedora
added 2026/02/25 12:53 a.m.10 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/26 3:10 p.m.16 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS5.9AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18893

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges...

6.1CVSS6.5AI score0.01771EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.7 views

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

9.8CVSS7AI score0.01684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:48 a.m.12 views

CVE-2020-24143

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

7.5CVSS6.8AI score0.01967EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/14 9:49 p.m.11 views

CVE-2025-62363

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the pathtoytdlp configuration setting. An attacker with write access to the configuration file or the filesyst...

7.8CVSS7.1AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder