JLSEC-2026-118

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007...

JLSEC-2026-120

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

MiracleLinux 4 : wget-1.12-5.AXS4.1 (AXSA:2014-673:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-673:03 advisory. Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

CVE-2025-69195 Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

ROS-20251215-7307

A vulnerability in the GNU Wget download manager is related to insufficient server-side request validation. Exploitation of the vulnerability could allow a remote attacker to perform an SSRF, phishing or man-in-the-middle attack...

TencentOS Server 3: wget (TSSA-2024:0395)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0395 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: wget (TSSA-2022:0063)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0063 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

EUVD-2018-13037

Malware in sbrugna...

EUVD-2021-18754

Malware in sbrugna...

EUVD-2010-2264

Malware in sbrugna...

EUVD-2006-6702

Malware in sbrugna...

EUVD-2019-15521

Malware in sbrugna...

EUVD-2009-3472

Malware in sbrugna...

Security Bulletin: GNU Wget through 1.21.1 could affect watsonx.data

Summary GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2021-31879 DESCRIPTION: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different...

TencentOS Server 3: wget (TSSA-2023:0139)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0139 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: wget (TSSA-2024:1004)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1004 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0063: wget (ALINUX3-SA-2022:0063)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0063 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-5953: Buffer overflow in GNU Wget 1.20.1 a...

Alibaba Cloud Linux 3 : 0194: wget (ALINUX3-SA-2024:0194)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0194 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38428: url.c in GNU Wget through 1.24.5...