Lucene search
K

4 matches found

NVD
NVD
added 2025/10/07 9:15 p.m.6 views

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

7.8CVSS0.0014EPSS
Exploits0References3
OSV
OSV
added 2025/10/07 9:15 p.m.3 views

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...

7.8CVSS6.8AI score
Exploits0References3
Cvelist
Cvelist
added 2024/04/15 2:41 a.m.17 views

CVE-2024-3775 aEnrich Technology a+HRD - Argument Injection

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...

5.3CVSS5.5AI score0.00408EPSS
Exploits0References1
CVE
CVE
added 2024/04/15 2:41 a.m.66 views

CVE-2024-3775

CVE-2024-3775 concerns aEnrich Technology a+HRD, where the file-downloading function via youtube-dl.exe accepts unsafely-constructed user input. The root cause is insufficient input restriction, allowing attackers to pass arbitrary arguments to youtube-dl.exe and potentially cause downloads of pa...

7.5CVSS6.8AI score0.00408EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder