40 matches found
Top Video Downloaders in 2026: Why Wondershare UniConverter Remains a Strong Choice
As video content continues to dominate entertainment, education, and social media platforms, more users are searching for reliable…...
EUVD-2023-2146
Malicious code in bioql PyPI...
MAL-2025-4493 Malicious code in nayan-videos-downloaders (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32bc04005274ad27bb9498203c905d728f872255a98f5f19d99ca7d73b354554 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...
Malicious code in rs-downloaders (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9808 Malicious code in rs-downloaders (npm)
--- -= Per source details. Do not edit below this line.=-...
GLSA-202407-28 : Freenet: Deanonymization Vulnerability
The remote host is affected by the vulnerability described in GLSA-202407-28 Freenet: Deanonymization Vulnerability This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet...
DEBIAN-CVE-2024-38519
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...
PT-2024-28047
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2024.07.01 youtube-dl versions prior to 2024-07-03 Description The issue concerns command-line audio/video downloaders yt-dlp and youtube-dl. Prior to the fixed versions, these tools do not limit the extensions of...
[SECURITY] Fedora 40 Update: crosswords-0.3.13-1.fc40
A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...
Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said...
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...
Fedora 38 : youtube-dl (2023-1f11546a48)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1f11546a48 advisory. Update to latest upstream git snapshot. Various changes, including bug fix for cookie leak vulnerability. Tenable has extracted the preceding description blo...
Improper Validation
code.gitea.io/gitea is vulnerable to Improper Validation. The vulnerability exists because Migration Downloaders can change the CloneURL which is improperly validated, allowing an attacker to redirect users to a malicious clone URL...
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes
Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts LOLBAS that could be maliciously abused by threat actors to conduct post-exploitation activities. "LOLBAS is an attack method that uses binaries and scripts that are already part of the system for...
The vulnerability of the update downloaders for Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems allows a hacker to gain access to read, modify, or delete files.
The vulnerability of the update downloaders of Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems is related to errors in the use of standard permissions when creating directories. Exploiting this vulnerability can allow an attacker to gain access to, read...
Fedora 37 : yt-dlp (2023-79e2b35ba6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79e2b35ba6 advisory. Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj. ---- Update to 2023.06.22. Fixes rhbz2216612. ---- Update to 2023.06.21. Fixes...
Fedora 38 : yt-dlp (2023-9f3938e10d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9f3938e10d advisory. Update to 2023.07.06. Mitigates CVE-2023-35934 / GHSA-v8mc-9377-rwjj Tenable has extracted the preceding description block directly from the Fedora security...
SUSE CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host...