
13 matches found

ATTACKERKB
added 2026/01/19 9:16 p.m., 42 views

CVE-2026-23944

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

CVSS 9.8, AI score 5.6, EPSS 0.00204
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2025/08/06 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2025-1736)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 7.2, EPSS 0.00592
Exploits: 0, References: 2

Snyk
added 2025/06/24 8:41 p.m., 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the DocumentBuilderFactory used in the XunitXmlPlugin.java file, which is used without disabling DTDs or external entities. An attacker can access arbitrary files on the file system or initiate...

CVSS 8.7, AI score 7.6, EPSS 0.00202
Exploits: 0, References: 2

Tenable Nessus
added 2025/05/12 12:0 a.m., 6 views

EulerOS 2.0 SP10 : wget (EulerOS-SA-2025-1544)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these...

CVSS 6.5, AI score 7.7, EPSS 0.00592
Exploits: 0, References: 2

OpenVAS
added 2025/03/19 12:0 a.m., 4 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2025-1309)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 6.7, EPSS 0.00592
Exploits: 0, References: 2

OSV
added 2024/11/27 7:59 p.m., 5 views

MGASA-2024-0378 Updated wget packages fix security vulnerability

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. CVE-2024-10524...

CVSS 6.5, AI score 6.4, EPSS 0.00592
Exploits: 0, References: 3

Tenable Nessus
added 2024/11/27 12:0 a.m., 7 views

CBL Mariner 2.0 Security Update: wget (CVE-2024-10524)

The version of wget installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10524 advisory. - Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credential...

CVSS 6.5, AI score 7.7, EPSS 0.00592
Exploits: 0, References: 2

OSV
added 2024/11/19 3:15 p.m., 2 views

AZL-53235 CVE-2024-10524 affecting package wget for versions less than 1.21.2-4

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5, AI score 5.9, EPSS 0.00592
Exploits: 0, References: 1

AlpineLinux
added 2024/11/19 2:23 p.m., 39 views

CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5, AI score 7.1, EPSS 0.00592
Exploits: 0, References: 5

Vulnrichment
added 2024/11/19 2:23 p.m., 20 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5, AI score 7, EPSS 0.00592
Exploits: 0, References: 3

Tenable Nessus
added 2023/06/12 12:0 a.m., 11 views

FreeBSD : xmltooling -- remote resource access (f7e9a1cc-0931-11ee-94b4-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f7e9a1cc-0931-11ee-94b4-6cc21735f730 advisory. - Shibboleth consortium reports: An updated version of the XMLTooling library that is part of the...

AI score 5.7
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/21 12:0 a.m., 26 views

Tridium Niagara Synchronous Access of Remote Resource Without Timeout (CVE-2020-14483)

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110 and Niagara Enterprise Security Versions 2.4.31, 2.4.45, 4.8.0.35 to...

CVSS 4.3, AI score 5.2, EPSS 0.00051
Exploits: 0, References: 2

OSV
added 2023/02/16 2:15 p.m., 2 views

CVE-2022-38731

Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...

CVSS 4.3, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 2