VYPR
Vendor

Franklioxygen

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2026-33890CriMar 27, 2026
    risk 0.57cvss 9.8epss 0.00

    MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration…

  • CVE-2026-33735HigMar 27, 2026
    risk 0.50cvss 8.8epss 0.00

    MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database…

  • CVE-2026-33935HigMar 27, 2026
    risk 0.42cvss 7.5epss 0.01

    MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three…

  • CVE-2026-24140Jan 23, 2026
    risk 0.00cvss epss 0.00

    MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings() function accepts arbitrary…

  • CVE-2026-24139Jan 23, 2026
    risk 0.00cvss epss 0.00

    MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on…

  • CVE-2026-23848Jan 19, 2026
    risk 0.00cvss epss 0.00

    MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Attackers can spoof client…

  • CVE-2026-23837Jan 19, 2026
    risk 0.00cvss epss 0.01

    MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and poetntially earlier versions allows unauthenticated users to bypass the mandatory authentication check in the roleBasedAuthMiddleware. By simply not providing…