12 matches found
WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...
CVE-2026-33236
A flaw was found in NLTK Natural Language Toolkit, a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate subdir and id attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by...
CVE-2026-33236
CVE-2026-33236 affects the NLTK downloader in versions up to 3.9.3, where remote XML index processing does not validate the subdir and id attributes. This allows an attacker-controlled XML index server to supply path traversal values (e.g., ../) that can lead to arbitrary directory creation, file...
Mini-stream RM Downloader security vulnerability
Mini-stream RM Downloader is a streaming media downloader developed by the Mini-stream company. Version 2.50.60 of Mini-stream RM Downloader contains a security vulnerability. This vulnerability stems from a local buffer overflow in the Load parameter, which may allow for the execution of arbitra...
Zip Slip Vulnerability in NLTK Downloader Leading to Remote Code Execution
This report is not public...
EUVD-2019-15264
Malware in sbrugna...
EUVD-2012-2480
Malware in sbrugna...
EUVD-2025-11986
Malicious code in bioql PyPI...
CVE-2022-2367
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...
PT-2026-20477
Name of the Vulnerable Software and Affected Versions nltk/nltk affected versions not specified Description A critical issue exists in the NLTK downloader component. The unzip iter function within nltk/downloader.py utilizes zipfile.extractall without validating file paths or implementing securit...
Video Developers com.video.downloader.all 安全漏洞
Video Developers com.video.downloader.all Video Developers All Video Downloader is a video downloader from Video Developers, Inc. A security vulnerability exists in version 11.28 and earlier of com.video.downloader.all All Video Downloader. An attacker can exploit this vulnerability to execute...
The vulnerability of the Google Chrome browser downloader, which allows a hacker to circumvent existing security restrictions
The vulnerability of the Google Chrome browser browser loader is related to improperly implemented security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...