Lucene search

25 matches found

OSV
added 2026/04/15 8:29 p.m. | 2 views

JLSEC-2026-119 Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary...

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 7.2 | EPSS 0.01119
Exploits: 0 | References: 9

Snyk
added 2026/03/16 6:55 p.m. | 4 views

Improper Protection of Alternate Path

Overview: awslabs.aws-api-mcp-server is a Model Context Protocol (MCP) server for interacting with AWS. Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2

OSV
added 2026/03/16 12:00 a.m. | 2 views

MAL-2026-1563 Malicious code in transform-es2015-shorthand-properties (npm)

The package 'transform-es2015-shorthand-properties' is part of Wave 3 of the PhantomRaven supply chain attack campaign. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2...

AI score 5.6
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/20 12:00 a.m. | 4 views

TencentOS Server 4: wget (TSSA-2024:0995)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0995 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6.5 | AI score 7.6 | EPSS 0.01119
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in graphql-shorthand-parser2 (npm)

The package graphql-shorthand-parser2 was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 3 views

MAL-2025-21888 Malicious code in graphql-shorthand-parser2 (npm)

The package graphql-shorthand-parser2 was found to contain malicious code...

AI score 7.2
Exploits: 0

SUSE Linux
added 2025/05/15 9:36 a.m. | 2 views

Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Drop support for shorthand URLs (bsc1233773). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

CVSS 6.1 | AI score 7.3 | EPSS 0.01119
Exploits: 0 | References: 4

Tenable Nessus
added 2025/05/12 12:00 a.m. | 6 views

EulerOS 2.0 SP10 : wget (EulerOS-SA-2025-1545)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these...

CVSS 6.5 | AI score 7.7 | EPSS 0.01119
Exploits: 0 | References: 2

OSV
added 2025/02/03 9:14 a.m. | 3 views

SUSE-SU-2025:20097-1 Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Drop support for shorthand URLs (bsc1233773)...

CVSS 6.5 | AI score 7.1 | EPSS 0.01119
Exploits: 0 | References: 3

SUSE Linux
added 2025/02/03 9:14 a.m. | 1 views

Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Drop support for shorthand URLs (bsc1233773). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...

CVSS 6.1 | AI score 7.3 | EPSS 0.01119
Exploits: 0 | References: 4

OSV
added 2024/12/06 3:23 p.m. | 3 views

OESA-2024-2497 wget security update

GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS, the most widely used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. Security Fixes: Applications th...

CVSS 6.5 | AI score 7.1 | EPSS 0.01119
Exploits: 0 | References: 2

SUSE Linux
added 2024/12/03 9:07 a.m. | 1 views

Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc1233773). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for yo...

CVSS 6.1 | AI score 7.4 | EPSS 0.01119
Exploits: 0 | References: 4

Microsoft CVE
added 2024/11/27 8:00 a.m. | 1 views

GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

...

CVSS 6.5 | AI score 7.3 | EPSS 0.01119
Exploits: 0

OSV
added 2024/11/19 3:15 p.m. | 1 views

ALPINE-CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 7.2 | EPSS 0.01119
Exploits: 0 | References: 1

NVD
added 2024/11/19 3:15 p.m. | 9 views

CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | EPSS 0.01119
Exploits: 0 | References: 5

OSV
added 2024/11/19 3:15 p.m. | 3 views

AZL-53235 CVE-2024-10524 affecting package wget for versions less than 1.21.2-4

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 5.9 | EPSS 0.01119
Exploits: 0 | References: 1

OSV
added 2024/11/19 3:15 p.m. | 14 views

CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 7.3 | EPSS 0.01119
Exploits: 0 | References: 5

OSV
added 2024/11/19 3:15 p.m. | 3 views

DEBIAN-CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 7.7 | EPSS 0.01119
Exploits: 0 | References: 1

CVE
added 2024/11/19 2:23 p.m. | 133 views

CVE-2024-10524

CVE-2024-10524 affects GNU Wget. The flaw allows SSRF: when using shorthand URLs and passing arbitrary credentials in the URL, an attacker can induce Wget to access an arbitrary host. Public advisories and vendor pages indicate patches are released (e.g., newer Wget builds like 1.21.2-4 and distr...

CVSS 6.5 | AI score 6.3 | EPSS 0.01119
Exploits: 0 | References: 5

AlpineLinux
added 2024/11/19 2:23 p.m. | 39 views

CVE-2024-10524

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

CVSS 6.5 | AI score 7.1 | EPSS 0.01119
Exploits: 0 | References: 5