39 matches found
DEBIAN-CVE-2026-50574
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...
MAL-2026-4654 Malicious code in qazaq-cli (npm)
Source: amazon-inspector 31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed'...
MiracleLinux 7 : wget-1.14-18.el7 (AXSA:2018-3408:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3408:01 advisory. wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar CVE-2018-0494 Tenable has extracted the preceding descripti...
Wordpress-BRUTE-FORCE-UPLOAD-SHELL
🛠️ Wordpress-BRUTE-FORCE-UPLOAD-SHELL - Simple Tool for WordPr...
Malicious code in mp3-do-wnload-file-to-day-60280-lay-down-and-love-it-live-yfkc2-lppmhd (npm)
The package mp3-do-wnload-file-to-day-60280-lay-down-and-love-it-live-yfkc2-lppmhd was found to contain malicious code...
MAL-2025-26789 Malicious code in mp3-do-wnload-file-to-day-13796-flick-the-vs-isfeh-rasowi (npm)
The package mp3-do-wnload-file-to-day-13796-flick-the-vs-isfeh-rasowi was found to contain malicious code...
CVE-2024-3775
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...
aEnrich a+HRD Parameter Injection Vulnerability
aEnrich a+HRD is an all-around human resource development solution from Acer China aEnrich. A parameter injection vulnerability exists in aEnrich a+HRD versions 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the file download function of youtube-dl.exe not properly restricting the user input,...
PT-2024-15835 · Paddlepaddle · Paddlepaddle/Paddle
Name of the Vulnerable Software and Affected Versions: paddlepaddle/paddle version 2.6.0 Description: The issue concerns a command injection in the paddle.utils.download._wget_download function, which allows bypassing a filter. Recommendations: For paddlepaddle/paddle version 2.6.0, at the moment...
GLSA-202312-11 : SABnzbd: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-11 SABnzbd: Remote Code Execution - SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the...
The vulnerability of the HP ThinUpdate software upgrade tool, namely the HP Recovery Image and Software Download Tool, stems from insufficient protection for operational data. This vulnerability allows attackers to gain unauthorized access to the protected information.
The vulnerability of the HP ThinUpdate software upgrade tool HP Recovery Image and Software Download Tool is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2023-4499
A potential security vulnerability has been identified in the HP ThinUpdate utility also known as HP Recovery Image and Software Download Tool which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability...
CVE-2023-4499
CVE-2023-4499 affects HP ThinUpdate (Recovery Image/Software Download Tool). The connected sources confirm an improper server certificate verification (CWE-295) in HP ThinUpdate, enabling potential information disclosure via MITM; affected versions prior to 2.7.15. HP has mitigations and instruct...
HP ThinUpdate Trust Management Issue Vulnerability
HP ThinUpdate is an application from Hewlett-Packard HP USA. It allows you to download system images and software add-ons from HP, capture HP Thin Client images, create ISO files, and more! A security vulnerability exists in the HP ThinUpdate utility HP Recovery Image and Software Download Tool,...
CVE-2023-34237
SABnzbd (Usenet downloader) is affected by CVE-2023-34237 due to a design flaw in the Notification Script parameters that enables remote code execution with SABnzbd process privileges. Exploitation requires access to the web interface; remote access is possible if the instance is exposed to the i...
Malicious code in free-fire-hakc-donwload-tool-2022 (npm)
Source: ghsa-malware b4a796e6d443f661256e36c0ec90ea2993cc2d202c9ba8a1dd3459020fa65e4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3136 Malicious code in free-fire-hakc-donwload-tool-2022 (npm)
Source: ghsa-malware b4a796e6d443f661256e36c0ec90ea2993cc2d202c9ba8a1dd3459020fa65e4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Php-Jpeg-Injector - Injects Php Payloads Into Jpeg Images
Injects php payloads into jpeg images. Related to this post. Use Case You have a web application that runs a jpeg image through PHP's GD graphics library. Description This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image...
PanDownload suffers from SQL injection vulnerability
Pandownload is a Baidu.com download tool. PanDownload suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive database information...