Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-55404

A flaw was found in yt-dlp and youtube-dl, command-line tools for downloading audio and video. This vulnerability allows an attacker to inject malicious code into shortcut files .url or .desktop when certain options, such as --write-link, are used. By manipulating the webpageurl or filename...

8.8CVSS6.2AI score0.00554EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS0.00554EPSS
Exploits0References3
CVE
CVE
added 6 days ago12 views

CVE-2026-55404

YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....

8.8CVSS6AI score0.00554EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.13 views

PT-2026-55745

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.07.04 Description Improper sanitization of output when using the --write-link option allows for downstream command injection. This occurs because shortcut file data is not properly validated and sanitized before...

7.5CVSS6AI score0.00554EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/06/23 4:8 p.m.6 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1
OSV
OSV
added 2026/06/16 8:59 p.m.8 views

GHSA-C6MH-FPJC-4PR3 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

8.3CVSS5.8AI score0.00555EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48379

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...

9.6CVSS6.1AI score0.00555EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48380

Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

9.6CVSS6AI score0.00406EPSS
Exploits0References15
Rows per page
Query Builder