4 matches found
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2025-62185
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlpx86.exe...
CVE-2024-3775 aEnrich Technology a+HRD - Argument Injection
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...
CVE-2024-3775
CVE-2024-3775 concerns aEnrich Technology a+HRD, where the file-downloading function via youtube-dl.exe accepts unsafely-constructed user input. The root cause is insufficient input restriction, allowing attackers to pass arbitrary arguments to youtube-dl.exe and potentially cause downloads of pa...