Search CVE reports


Toggle filters

1 – 10 of 27 results


CVE-2026-58472

Medium priority
Needs evaluation

GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-58471

Medium priority
Needs evaluation

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-58470

Medium priority
Needs evaluation

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-58469

Medium priority
Needs evaluation

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-1858

Medium priority
Needs evaluation

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it...

1 affected package

wget2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-69195

Medium priority
Needs evaluation

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active....

1 affected package

wget2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-69194

Medium priority
Needs evaluation

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to...

1 affected package

wget2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-10524

Low priority
Needs evaluation

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38428

Medium priority

Some fixes available 10 of 11

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part...

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-31879

Medium priority
Vulnerable

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

1 affected package

wget

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
wget Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages