Achievements - dxleryt

CVE-2026-26331: yt-dlp Arbitrary Command Injection via --netrc-cmd

2026-02-21 Vulnerability Discovery 8.8

Arbitrary command injection in yt-dlp's --netrc-cmd option allows an attacker to execute OS commands via a maliciously crafted URL, exploitable through HTTP redirects.

CVECommand Injectionyt-dlpPythonRCE

CVE-2026-25731: Calibre Templite SSTI to Arbitrary Code Execution

2026-02-10 Vulnerability Discovery 7.8

Server-Side Template Injection vulnerability in Calibre's Templite engine allows arbitrary Python code execution via user-supplied HTML export templates in versions ≤ 9.1.0.

CVESSTIRCECalibrePython

HotelDruid 2.2.3: SQL Injection in disponibilita.php

2026-01-15 Vulnerability Discovery

SQL injection vulnerability in HotelDruid 2.2.3 via unsanitized inizioperiodo and fineperiodo parameters in disponibilita.php, allowing full database extraction.

SQLiHotelDruidWeb SecurityDatabase

CVE-2024-41570: Havoc C2 Authenticated RCE via SSRF Chain

2024-11-20 Vulnerability Discovery

Authenticated Remote Code Execution in Havoc C2 framework by chaining SSRF with command injection to execute arbitrary commands on the teamserver.

CVESSRFCommand InjectionRCEC2Python