CVE-2026-58472
- EPSS 0.22%
- Veröffentlicht 07.07.2026 19:50:53
- Zuletzt bearbeitet 09.07.2026 15:58:45
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with...
CVE-2026-58471
- EPSS 0.22%
- Veröffentlicht 07.07.2026 19:47:47
- Zuletzt bearbeitet 09.07.2026 16:02:07
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring ch...
CVE-2026-58470
- EPSS 0.25%
- Veröffentlicht 07.07.2026 19:45:53
- Zuletzt bearbeitet 09.07.2026 16:01:18
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can su...
CVE-2026-58469
- EPSS 0.35%
- Veröffentlicht 07.07.2026 19:43:34
- Zuletzt bearbeitet 09.07.2026 15:59:43
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document ...
CVE-2024-10524
- EPSS 1.11%
- Veröffentlicht 19.11.2024 15:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
CVE-2024-38428
- EPSS 0.67%
- Veröffentlicht 16.06.2024 03:15:08
- Zuletzt bearbeitet 21.04.2025 10:15:14
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcompo...
CVE-2021-31879
- EPSS 1.1%
- Veröffentlicht 29.04.2021 05:15:08
- Zuletzt bearbeitet 21.11.2024 06:06:25
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
CVE-2019-5953
- EPSS 5.75%
- Veröffentlicht 17.05.2019 16:29:05
- Zuletzt bearbeitet 21.11.2024 04:45:47
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
CVE-2018-20483
- EPSS 0.66%
- Veröffentlicht 26.12.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:34
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credent...
CVE-2018-0494
- EPSS 17.25%
- Veröffentlicht 06.05.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:21
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.