CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

8.3CVSS0.00543EPSS

Exploits0References4

OSV•added 3 days ago•3 views

UBUNTU-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS5.8AI score0.00266EPSS

Exploits0References2

Snyk•added 2026/06/16 8:16 p.m.•7 views

Reliance on Cookies without Validation and Integrity Checking

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Reliance on Cookies without Validation and Integrity Checking via curl. An attacker can obtain sensitive cookie information by crafting a malicious website that embeds ...

6.1CVSS5.9AI score0.00266EPSS

Exploits0References2

NVD•added 2026/06/04 2:16 p.m.•10 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS

Exploits0References5

Cvelist•added 2026/06/04 1:22 p.m.•34 views

CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit

8.8CVSS0.0027EPSS

Exploits0References5

Positive Technologies•added 2026/06/04 12:0 a.m.•13 views

PT-2026-46196

8.8CVSS6.1AI score0.0027EPSS

Exploits0References6

Fedora•added 2026/03/05 5:6 p.m.•10 views

[SECURITY] Fedora 44 Update: yt-dlp-2026.02.21-1.fc44

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS

Exploits2

Fedora•added 2026/03/05 1:13 a.m.•7 views

[SECURITY] Fedora 42 Update: yt-dlp-2026.02.21-1.fc42

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS

Exploits2

Fedora•added 2026/02/25 12:53 a.m.•9 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8CVSS5.9AI score0.01596EPSS

Exploits2

RedhatCVE•added 2026/01/26 3:10 p.m.•14 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

8.7CVSS5.9AI score0.00317EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:18 a.m.•7 views

CVE-2019-18893

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges...

6.1CVSS6.5AI score0.01771EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•3 views

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

9.8CVSS7AI score0.01684EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:48 a.m.•10 views

CVE-2020-24143

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

7.5CVSS6.8AI score0.01967EPSS

Exploits0References1

RedhatCVE•added 2025/10/14 9:49 p.m.•9 views

CVE-2025-62363

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the pathtoytdlp configuration setting. An attacker with write access to the configuration file or the filesyst...

7.8CVSS7.1AI score0.00162EPSS

Exploits0References1