Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.7 views

WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...

8.6CVSS6.2AI score0.00235EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/23 6:52 a.m.8 views

CVE-2026-33236

A flaw was found in NLTK Natural Language Toolkit, a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate subdir and id attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by...

8.1CVSS6AI score0.00487EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 10:47 p.m.16 views

CVE-2026-33236

CVE-2026-33236 affects the NLTK downloader in versions up to 3.9.3, where remote XML index processing does not validate the subdir and id attributes. This allows an attacker-controlled XML index server to supply path traversal values (e.g., ../) that can lead to arbitrary directory creation, file...

8.1CVSS5.9AI score0.00487EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.6 views

Mini-stream RM Downloader security vulnerability

Mini-stream RM Downloader is a streaming media downloader developed by the Mini-stream company. Version 2.50.60 of Mini-stream RM Downloader contains a security vulnerability. This vulnerability stems from a local buffer overflow in the Load parameter, which may allow for the execution of arbitra...

8.4CVSS6.2AI score0.00201EPSS
Exploits0References4
Huntr
Huntr
added 2025/11/13 5:44 p.m.16 views

Zip Slip Vulnerability in NLTK Downloader Leading to Remote Code Execution

This report is not public...

10CVSS5.5AI score0.0079EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-15264

Malware in sbrugna...

7.8CVSS6.7AI score0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2012-2480

Malware in sbrugna...

4.3CVSS6.1AI score0.01401EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-11986

Malicious code in bioql PyPI...

9.2CVSS6.3AI score0.00222EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.10 views

CVE-2022-2367

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

7.5CVSS6.8AI score0.00953EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.2 views

PT-2026-20477

Name of the Vulnerable Software and Affected Versions nltk/nltk affected versions not specified Description A critical issue exists in the NLTK downloader component. The unzip iter function within nltk/downloader.py utilizes zipfile.extractall without validating file paths or implementing securit...

10CVSS9.4AI score0.0079EPSS
Exploits1References30
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.3 views

Video Developers com.video.downloader.all 安全漏洞

Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...

8.1CVSS7.4AI score0.00343EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.7 views

The vulnerability of the Google Chrome browser downloader, which allows a hacker to circumvent existing security restrictions

The vulnerability of the Google Chrome browser browser loader is related to improperly implemented security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...

7.8CVSS6.7AI score0.00693EPSS
Exploits0References11Affected Software3
Rows per page
Query Builder