Lucene search
K

1823 matches found

Nuclei
Nuclei
added yesterday63 views

WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion

WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...

7.5CVSS7.1AI score0.10148EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-55404

A flaw was found in yt-dlp and youtube-dl, command-line tools for downloading audio and video. This vulnerability allows an attacker to inject malicious code into shortcut files .url or .desktop when certain options, such as --write-link, are used. By manipulating the webpageurl or filename...

8.8CVSS6.2AI score0.0064EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-4298

The CVE-2026-4298 entry concerns the WordPress plugin DSGVO All in one for WP up to version 4.9. The underlying root cause is Missing Authorization due to the function dsgvo_reset_policy_service_func() lacking capability checks and nonce verification when processing user-supplied parameters to re...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References7
Snyk
Snyk
added last week4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.0064EPSS
Exploits0References2
CVE
CVE
added 2026/07/05 4:0 a.m.22 views

CVE-2026-14702

Technical details are not publicly available in the provided documents. Monitor for updates to the CVE entry and connected sources for further information.

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
OSV
OSV
added 2026/07/05 4:0 a.m.5 views

CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2CVSS5.1AI score0.00108EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/05 4:0 a.m.12 views

EUVD-2026-41721

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted ...

2.5CVSS5.2AI score0.00108EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.36 views

CVE-2026-12923 Video Gallery <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call via 'path' Parameter

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS0.00319EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12923

The Youtube Showcase plugin for WordPress (up to version 4.0.3) is vulnerable to an Arbitrary Function Call via the 'path' parameter in the emd_delete_file() AJAX handler (includes/common-functions.php). A user-supplied value is sanitized, has its trailing '_PLUGIN_DIR' stripped, and is then invo...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.4AI score0.00404EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2026/06/25 2:12 p.m.49 views

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube, has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extensio...

6.3AI score
Exploits0
Fedora
Fedora
added 2026/06/24 1:33 a.m.7 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.06.09-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

9.6CVSS5.8AI score0.00555EPSS
Exploits1
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: yt-dlp-2026.06.09-1.fc44

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

9.6CVSS5.8AI score0.00555EPSS
Exploits1
Patchstack
Patchstack
added 2026/06/11 11:48 a.m.13 views

WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability

Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...

5.4CVSS5.4AI score0.00231EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-71310

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8CVSS5.3AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.5AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

4.3CVSS5.5AI score0.00163EPSS
Exploits0References1
Rows per page
Query Builder