Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/23 4:9 p.m.31 views

CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

8.3CVSS0.00406EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/23 4:9 p.m.6 views

CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...

9.6CVSS6.5AI score0.00406EPSS
Exploits0
CVE
CVE
added 2026/06/23 4:9 p.m.46 views

CVE-2026-50574

CVE-2026-50574 affects yt-dlp, where using aria2c as an external downloader for fragmented manifests (HLS/DASH) allows an attacker to write arbitrary files by passing insufficiently sanitized input to aria2c. On Windows, this can cause immediate arbitrary code execution; on non-Windows, execution...

9.6CVSS6.5AI score0.00406EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.8 views

Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities

The detected version of the yt-dlp Python package is prior to 2026.6.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing...

9.6CVSS6.6AI score0.00555EPSS
Exploits1References4
Rows per page
Query Builder