2 matches found
CVE-2026-55404
YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....
SUSE CVE-2025-3033
After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 137 and Thunderbird 137...