Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/23 5:17 p.m.6 views

DEBIAN-CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:17 p.m.11 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS0.00555EPSS
Exploits1References4
CVE
CVE
added 2026/06/23 4:8 p.m.21 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp. Before 2026-06-09, an issue allowed remote attackers to write arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) via the --write-link option by exploiting unsafe extensions that were on the allowlist, bypassing the prior CVE-2024-38519 remediation. This cou...

9.6CVSS6AI score0.00555EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:59 p.m.20 views

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

9.6CVSS5.7AI score0.00555EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2021/02/19 4:35 p.m.100 views

CVE-2021-23342

The CVE-2021-23342 entry concerns docsify before version 4.12.0, where a bypass of CVE-2020-7680 allows cross-site scripting. The vulnerability arises because HTML sanitization performed for remote URLs on the main page is not applied in the sidebar, and the isURL external check can be bypassed b...

8.6CVSS6.6AI score0.01657EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder