Lucene search
K

5 matches found

CVE
CVE
added 2026/06/23 4:8 p.m.14 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:59 p.m.14 views

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

9.6CVSS5.7AI score0.00555EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-0688

Malware in sbrugna...

9.3CVSS6.2AI score0.01885EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2010/02/18 6:0 p.m.23 views

CVE-2010-0657

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into...

9.3CVSS5.9AI score0.01885EPSS
Exploits0References2
NVD
NVD
added 2010/02/18 6:0 p.m.21 views

CVE-2010-0657

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into...

9.3CVSS6.8AI score0.01885EPSS
Exploits0References5
Rows per page
Query Builder