Lucene search
K

17040 matches found

OSV
OSV
added yesterday1 views

DEBIAN-CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

5.9CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS
Exploits0References2
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58472

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS6.3AI score
Exploits0
Cvelist
Cvelist
added yesterday24 views

CVE-2026-58472 GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...

6CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-58472

GNU Wget 1.25.0 contains a heap buffer overflow in html_quote_string() (src/convert.c) triggered by a crafted HTML attribute that requires extensive entity encoding. A server-supplied HTML attribute overflows a signed integer counter during output size accumulation, causing an undersized heap all...

6CVSS6.3AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-42083

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-58471

CVE-2026-58471 affects GNU Wget up to version 1.25.0. The vulnerability is a heap buffer overflow in the convert_fname() function in src/url.c, triggered by server-supplied filenames requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reall...

6CVSS6.2AI score
Exploits0References2
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score
Exploits0
CVE
CVE
added yesterday10 views

CVE-2026-58470

GNU Wget 1.25.0 and earlier is affected by an integer overflow in parse_content_range() (src/http.c) triggered by server-controlled Content-Range headers, leading to undefined behavior and download desynchronization. The issue is fixed in commit 43d3ba9, and users should upgrade to a version that...

6.9CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score
Exploits0References3
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score
Exploits0
Cvelist
Cvelist
added yesterday23 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-58469

GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...

8.7CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
OSV
OSV
added 2 days ago3 views

OESA-2026-2860 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
Rows per page
Query Builder