CVE-2025-66203

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

StreamVault 操作系统命令注入漏洞

StreamVault is a video parsing and downloading tool from the individual developers at MochiMoon. An operating system command injection vulnerability exists in StreamVault versions prior to 251126, which stems from an insufficiently validated configuration of the yt-dlp parameter and could lead to...

CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

CVE-2025-66203

CVE-2025-66203 affects StreamVault’s SpiritApplication. Prior to version 251126, an RCE exists because administrators can configure yt-dlp arguments via /admin/api/saveConfig without sufficient validation; these arguments are stored globally and later used by YtDlpUtil.java to construct the yt-dl...

CVE-2025-66203 StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution RCE vulnerability exists in the stream-vault application SpiritApplication. The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without...

PT-2025-53607

Name of the Vulnerable Software and Affected Versions StreamVault versions prior to 251126 Description StreamVault is a video download integration solution. A Remote Code Execution RCE issue exists in the stream-vault application SpiritApplication. The application does not properly validate...

EUVD-2025-26347

Malicious code in bioql PyPI...

CVE-2025-57799 StreamVault can perform remote command execution

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server...

CVE-2025-57799

CVE-2025-57799 relates to StreamVault, a multi-platform video parsing/downloading tool. Affects versions prior to 250822 where an attacker can modify system parameters, craft and execute commands, enabling remote command execution and potential server privilege gain. Patch released in 250822. In ...

StreamVault 操作系统命令注入漏洞

StreamVault is a video parsing and downloading tool by the individual developer of MochiMoon. An operating system command injection vulnerability exists in versions prior to StreamVault 250822, which stems from command injection and could lead to server privilege acquisition...