Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/05/05 8:58 p.m.9 views

CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

8.8CVSS5.9AI score0.00444EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 8:29 p.m.10 views

JLSEC-2026-120

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

9.1CVSS6.7AI score0.00672EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 3: wget (TSSA-2024:0395)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0395 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.1CVSS7AI score0.00672EPSS
Exploits0References2
OSV
OSV
added 2025/08/28 7:38 p.m.7 views

CLSA-2025-1756409922 wget: Fix of CVE-2024-38428

CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...

9.1CVSS6.8AI score0.00672EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2025/08/28 7:38 p.m.6 views

wget: Fix of CVE-2024-38428

CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...

9.1CVSS7.1AI score0.00672EPSS
Exploits0
OSV
OSV
added 2025/08/28 7:26 p.m.7 views

CLSA-2025-1756409198 wget: Fix of CVE-2024-38428

CVE-2024-38428: fix mishandle semicolons in userinfo subcomponent of URI to prevent insecure behavior...

9.1CVSS6.8AI score0.00672EPSS
Exploits0References1
Broadcom
Broadcom
added 2025/02/27 12:0 a.m.10 views

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent

Brocade Wget contains an improper input validation vulnerability. An attacker could exploit this via theuserinfosubcomponent of a URI to cause insecure behavior which could potentially cause improper authentication, exposure of sensitive information, or other serious data integrity issues...

9.1CVSS6.8AI score0.00672EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/05 6:17 p.m.6 views

wget: Misinterpretation of input may lead to improper behavior

A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...

9.1CVSS7.2AI score0.00672EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/03 6:31 p.m.6 views

wget: Misinterpretation of input may lead to improper behavior

A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...

9.1CVSS7.2AI score0.00672EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/03 10:30 a.m.8 views

wget: Misinterpretation of input may lead to improper behavior

A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...

9.1CVSS7.2AI score0.00672EPSS
Exploits0References5
OSV
OSV
added 2024/08/09 5:19 p.m.6 views

CLSA-2024-1723223949 Fix CVE(s): CVE-2024-38428

SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...

9.1CVSS7.3AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2024/06/16 3:15 a.m.8 views

AZL-42691 CVE-2024-38428 affecting package wget for versions less than 1.21.2-3

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

9.1CVSS6.6AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2024/06/16 3:15 a.m.3 views

DEBIAN-CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

9.1CVSS7AI score0.00672EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.2 views

GNU Wget Security Vulnerability

GNU Wget is a suite of free software from the US GNU community for making downloads over the network, which supports downloads over the three most common TCP/IP protocols, HTTP, HTTPS, and FTP. A security vulnerability exists in GNU Wget version 1.24.5, which stems from url.c incorrectly handling...

9.1CVSS6.5AI score0.00672EPSS
Exploits0References4
CNVD
CNVD
added 2017/07/26 12:0 a.m.4 views

xzgrep Code Execution Vulnerability

xzgrep is a set of regular expression tools for searching compressed files. A security vulnerability exists in the scripts/xzgrep.in file in xzgrep, which stems from the program failing to properly handle filenames with semicolons. A remote attacker can exploit this vulnerability to execute...

7.8CVSS7.9AI score0.0099EPSS
Exploits0References1
Rows per page
Query Builder