A newly discovered 0-day vulnerability in GNU's Wget, identified as CVE-2024-10524, allows for potential attacks such as phishing, SSRF, and MiTM by exploiting its support for deprecated shorthand URL formats. These vulnerabilities can lead to serious security breaches like bypassing resource restrictions and exposing sensitive information. The flaw, which affects all Wget versions up to 1.24.5, occurs when using shorthand HTTP URLs with user-provided input, potentially redirecting requests to attacker-controlled or restricted hosts. A patch addressing this issue was released in Wget version 1.25.0, which removed support for the shorthand FTP format. Users are advised to update to this version or mitigate the vulnerability by converting shorthand URLs to their full formats. While the vulnerability holds a medium severity score due to its uncommon exploitation in real-world scenarios, it serves as a reminder of the importance of input sanitization and security updates.