Lucene search
K

270 matches found

OSV
OSV
added yesterday1 views

DEBIAN-CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

5.9CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-58472

GNU Wget 1.25.0 contains a heap buffer overflow in html_quote_string() (src/convert.c) triggered by a crafted HTML attribute that requires extensive entity encoding. A server-supplied HTML attribute overflows a signed integer counter during output size accumulation, causing an undersized heap all...

6CVSS6.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-58472 GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42083

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-58471

CVE-2026-58471 affects GNU Wget up to version 1.25.0. The vulnerability is a heap buffer overflow in the convert_fname() function in src/url.c, triggered by server-supplied filenames requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reall...

6CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday15 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-58470

GNU Wget 1.25.0 and earlier is affected by an integer overflow in parse_content_range() (src/http.c) triggered by server-controlled Content-Range headers, leading to undefined behavior and download desynchronization. The issue is fixed in commit 43d3ba9, and users should upgrade to a version that...

6.9CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-58469

GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...

8.7CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS
Exploits0References2
OSV
OSV
added 2026/04/15 8:29 p.m.7 views

JLSEC-2026-118

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...

6.1CVSS5.8AI score0.01104EPSS
Exploits0References4
OSV
OSV
added 2026/04/15 8:29 p.m.10 views

JLSEC-2026-120

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

9.1CVSS6.7AI score0.00672EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.8 views

MiracleLinux 4 : wget-1.12-5.AXS4.1 (AXSA:2014-673:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-673:03 advisory. Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background...

9.3CVSS7.6AI score0.39883EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/01/09 7:57 a.m.25 views

CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

7.6CVSS0.00291EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 7:53 a.m.5 views

CVE-2025-69194 Wget2: arbitrary file write via metalink path traversal in gnu wget2

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

8.8CVSS5.8AI score0.00707EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/29 2:41 p.m.8 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

8.8CVSS6.4AI score0.00707EPSS
Exploits1References3
Redos
Redos
added 2025/12/15 12:0 a.m.10 views

ROS-20251215-7307

A vulnerability in the GNU Wget download manager is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF, phishing or man-in-the-middle attack...

6.5CVSS6.9AI score0.0111EPSS
Exploits0
Rows per page
Query Builder