Lucene search
K

31 matches found

OSV
OSV
added 2026/07/04 6:38 a.m.8 views

MGASA-2026-0234 Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.5AI score0.00555EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 5:17 p.m.5 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS0.00406EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 4:9 p.m.52 views

CVE-2026-50574

CVE-2026-50574 affects yt-dlp, where using aria2c as an external downloader for fragmented manifests (HLS/DASH) allows an attacker to write arbitrary files by passing insufficiently sanitized input to aria2c. On Windows, this can cause immediate arbitrary code execution; on non-Windows, execution...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 4:9 p.m.2 views

CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

8.3CVSS6.6AI score0.00406EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/23 4:9 p.m.7 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS6.5AI score0.00406EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/23 4:9 p.m.33 views

CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

8.3CVSS0.00406EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.10 views

Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities

The detected version of the yt-dlp Python package is prior to 2026.6.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing...

9.6CVSS6.7AI score0.00555EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/16 9:13 p.m.8 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via insufficient sanitization of input passed to the aria2c external...

9.6CVSS6.4AI score0.00406EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.12 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.4AI score0.0011EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-8367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for ...

4.8CVSS5.5AI score0.0011EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.7 views

EUVD-2026-30042

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:17 p.m.18 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.0011EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 4:17 p.m.15 views

DEBIAN-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/13 4:17 p.m.10 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 4:17 p.m.7 views

UBUNTU-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/13 2:55 p.m.22 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/13 2:55 p.m.36 views

CVE-2026-8367 aria2c Improper Certificate Validation

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

aria2c 信任管理问题漏洞

aria2c is a lightweight multi-protocol command-line download tool developed by aria2. Aria2c has a trust management vulnerability that stems from accepting server certificates with incorrect extension key purposes. This vulnerability could allow attackers to reuse certificates issued for differen...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40700

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
Rows per page
Query Builder