Lucene search
K

523 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-55404

A flaw was found in yt-dlp and youtube-dl, command-line tools for downloading audio and video. This vulnerability allows an attacker to inject malicious code into shortcut files .url or .desktop when certain options, such as --write-link, are used. By manipulating the webpageurl or filename...

8.8CVSS6.2AI score0.0064EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 7:36 p.m.34 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS0.0064EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 7:36 p.m.4 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS6.2AI score0.0064EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 7:36 p.m.13 views

CVE-2026-55404

YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....

8.8CVSS6AI score0.0064EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56529

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/08 12:0 a.m.3 views

python313-yt-dlp-2026.07.04-1.1 on GA media (moderate)

python313-yt-dlp-2026.07.04-1.1 on GA media Announcement ID: openSUSE-SU-2026:11196-1 Rating: moderate Cross-References: CVE-2026-55404 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

8.8CVSS5.9AI score0.0064EPSS
Exploits0
OSV
OSV
added 2026/07/04 12:24 p.m.7 views

MAL-2026-6754 Malicious code in yt-api-dlp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4710e1aa4fe025aaed51f4958f3b514a6cb950b40069f424c7a5d9a2f85591c Package name yt-api-dlp is a single-token insertion away from the widely-used yt-dlp package, and the tarball contains a near-verbatim copy of the...

6.1AI score
Exploits0References6
OSV
OSV
added 2026/07/04 6:38 a.m.10 views

MGASA-2026-0234 Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.5AI score0.00555EPSS
Exploits1References5
Fedora
Fedora
added 2026/06/24 1:33 a.m.7 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.06.09-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

9.6CVSS5.8AI score0.00555EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary...

9.6CVSS6AI score0.00555EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-50019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked t...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Fedora 43 : yt-dlp (2026-03f87de373)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-03f87de373 advisory. - Update to 2026.06.09. Fixes rhbz2487407. - Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574 Tenable has extracted the preceding descriptio...

9.6CVSS5.9AI score0.00555EPSS
Exploits1References4
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS0.00406EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:17 p.m.4 views

DEBIAN-CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:17 p.m.4 views

UBUNTU-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:17 p.m.4 views

UBUNTU-CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:17 p.m.4 views

UBUNTU-CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 4:13 p.m.43 views

CVE-2026-50019 yt-dlp: File Downloader cookie leak with curl

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

6.1CVSS0.00268EPSS
Exploits0References1
Rows per page
Query Builder