Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-55404

A flaw was found in yt-dlp and youtube-dl, command-line tools for downloading audio and video. This vulnerability allows an attacker to inject malicious code into shortcut files .url or .desktop when certain options, such as --write-link, are used. By manipulating the webpageurl or filename...

8.8CVSS6.2AI score0.00554EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS0.00554EPSS
Exploits0References3
CVE
CVE
added 6 days ago12 views

CVE-2026-55404

YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....

8.8CVSS6AI score0.00554EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 4:8 p.m.6 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1
Rows per page
Query Builder