Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00217EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

5.9CVSS6.2AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-58471

GNU Wget up to 1.25.0 contains a heap buffer overflow in convert_fname() (src/url.c) that can be triggered by a server-supplied filename requiring character set conversion. When the output buffer is too small and iconv E2BIG reallocates, the remaining space is miscalculated, allowing memory corru...

7.1CVSS6.2AI score0.00217EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42083

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00217EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 3 days ago3 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

7.1CVSS6.2AI score0.00217EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/08 6:43 p.m.11 views

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor discovered by ? in WordPress Npm electerm versions = 3.7.8...

7.8CVSS5.8AI score0.00167EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38617

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description An authenticated unrestricted file upload issue exists in the product image upload functionality. An attacker with valid credentials can bypass MIME type validation by prepending GIF89a magi...

6.3CVSS6.1AI score0.00229EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.4 views

SUSE CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

6.8CVSS7.8AI score0.04214EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/11/03 8:9 a.m.12 views

wget: Lack of filename checking allows arbitrary file upload via FTP redirect

It was found that wget used a file name provided by the server for the downloaded file when following a HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client...

8.8CVSS7.5AI score0.45935EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2014/02/10 5:29 p.m.7 views

wget: multiple HTTP client download filename vulnerability [OCERT 2010-001]

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

6.8CVSS7.8AI score0.04214EPSS
Exploits0References5
securityvulns
securityvulns
added 2002/12/11 12:0 a.m.36 views

FTP clients directory traversal

Server can put relative or absolute path in filename...

2.9AI score
Exploits0References2Affected Software3
Rows per page
Query Builder