CVE-2018-20483: wget --xattr leaks URL credentials into user.xdg.origin.url extended attribute

CVE-2018-20483: Information Leak via Extended Attributes in Wget

CVE-2017-13089: wget skip_short_body stack overflow via negative HTTP chunk size (signed strtol + SIZE_MAX read)

CVE-2017-13089: Wget Stack Overflow in Chunked Transfer Encoding Handler

CVE-2017-13089: wget skip_short_body() stack overflow via negative chunked size

CVE-2024-38428: wget url_skip_credentials semicolon causes hostname confusion

CVE-2024-38428: GNU Wget url_skip_credentials mishandles ';' in userinfo, enabling hostname confusion

CVE-2024-38428: URL parser hostname confusion via multiple @ characters in userinfo

CVE-2024-33869: Ghostscript path traversal via unresolved symlinks in SAFER mode

CVE-2023-43115: Ghostscript IJS device SAFER bypass allowing path traversal and arbitrary command execution

CVE-2023-43115: Ghostscript IJS device bypasses SAFER, allowing path-traversal arbitrary file write and RCE

CVE-2021-45944: Use-after-free in Ghostscript sampled_data_finish via moving GC interior-pointer invalidation

CVE-2020-15900: Ghostscript zbitshift integer overflow via off-by-one shift range check

CVE-2020-15900 — rsearch post-string size off-by-one in Ghostscript 9.52

Ghostscript CVE-2020-15900: Integer Overflow in PostScript Calculator bitshift Operator

CVE-2024-29510 — Format string injection in Ghostscript uniprint device (gdevupd.c)

Ghostscript CVE-2023-36664: Command Injection via Pipe Device Filename

GNU sed -i --follow-symlinks TOCTOU race → arbitrary file overwrite (CVE-2023-7008)

CVE-2023-7008: GNU sed -i --follow-symlinks TOCTOU race enables arbitrary file overwrite

CVE-2023-7008: TOCTOU symlink race in sed --follow-symlinks