983 matches found
CVE-2026-26331
A flaw was found in yt-dlp, a command-line audio/video downloader. When the --netrc-cmd command-line option is enabled, a remote attacker can exploit a maliciously crafted URL to achieve arbitrary command injection. This allows the attacker to execute unauthorized commands on the user's system,...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
CVE-2026-26331
yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously...
yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option
Summary When yt-dlp's --netrc-cmd command-line option or netrccmd Python API parameter is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. Impact yt-dlp maintainers assume the impact of this vulnerability to be high for anyone who us...
ROS-20260220-73-0001
Vulnerability of usbnetreadcmd function of include/linux/etherdevice.h library of Linux kernel with exception handling flaws. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
AlmaLinux 10 : golang (ALSA-2026:2706)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2706 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
MiracleLinux 9 : golang-1.25.7-1.el9_7 (AXSA:2026-196:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-196:02 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
mcp-csharp-cmdexe-poc
MCP C SDK cmd.exe Argument Injection PoC Proof of concept fo...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the UploadIssueAttachment and UploadReleaseAttachment functions, over the /issues/attachments and /releases/attachments endpoints. This is only exploitable if the RequireSigninView setting is disabled, which it...
golang security update
An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
golang security update
An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...
RockyLinux 10 : golang (RLSA-2026:2706)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2706 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
RockyLinux 8 : go-toolset:rhel8 (RLSA-2026:2708)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2708 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
AlmaLinux 9 : golang (ALSA-2026:2709)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2709 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: golang security update
An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2026:2708)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2708 advisory. golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query...
ALSA-2026:2708 Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip CVE-2025-61728 golang: net/url: Memory exhaustion in query parameter parsing in net/u...
BIT-GOLANG-2025-61732 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
CVE-2025-61732 Potential code smuggling via doc comments in cmd/cgo
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...