
103 matches found

Circl
added 2026/04/01 3:18 a.m. | 1 view

CVE-2026-4947

creationtimestamp | type | source
---|---|---
2026-04-01 03:18:36+00:00 | seen | Telegram/jyatwHTsuiD0gHBEYEMrZjBra-amFrxPGWmF0zTmxDIL8I
2026-04-01 05:16:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mifwqza4sr27...

CVSS 7.1 | AI score 4.8 | EPSS 0.00038
Exploits: 0 | References: 1

Circl
added 2026/03/06 4:02 p.m. | 0 views

CVE-2022-4947

creationtimestamp | type | source
---|---|---
2026-03-06 16:02:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgfoq6q5ca24...

AI score 5.8
Exploits: 0 | References: 1

OpenVAS
added 2025/09/15 12:00 a.m. | 2 views

SUSE: Security Advisory (SUSE-SU-2025:03198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.04569
Exploits: 7 | References: 13

SUSE Linux
added 2025/09/12 12:15 p.m. | 3 views

Security update for curl

This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks...

CVSS 8.3 | AI score 7.6 | EPSS 0.04569
Exploits: 7 | References: 36

OSV
added 2025/09/09 10:21 a.m. | 1 view

SUSE-SU-2025:20675-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).
- CVE-2025-5025: No QUIC certificate pinning with wolfSSL (bsc#1243706).
- CVE-2025-4947: QUIC certificate check skip with...

CVSS 7.5 | AI score 6.6 | EPSS 0.00566
Exploits: 4 | References: 8

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

CBL Mariner 2.0 Security Update: cmake / mysql (CVE-2025-4947)

The version of cmake / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host...

CVSS 6.5 | AI score 6.8 | EPSS 0.00075
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

Azure Linux 3.0 Security Update: cmake (CVE-2025-4947)

The version of cmake installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4947 advisory. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specifi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00075
Exploits: 1 | References: 2

CBLMariner
added 2025/07/10 3:09 p.m. | 2 views

CVE-2025-4947 affecting package cmake for versions less than 3.30.3-7

CVE-2025-4947 affecting package cmake for versions less than 3.30.3-7. A patched version of the package is available...

CVSS 6.5 | AI score 7.3 | EPSS 0.00075
Exploits: 1

OPENSUSE Linux
added 2025/05/31 12:00 a.m. | 5 views

curl-8.14.0-1.1 on GA media (moderate)

curl-8.14.0-1.1 on GA media
Announcement ID: openSUSE-SU-2025:15176-1
Rating: moderate
Cross-References: CVE-2025-4947, CVE-2025-5025
CVSS scores:
CVE-2025-4947 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2025-4947 (SUSE): 8.3...

CVSS 8.3 | AI score 7.5 | EPSS 0.00075
Exploits: 3

RedhatCVE
added 2025/05/30 6:54 a.m. | 8 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

CVSS 6.5 | AI score 6.7 | EPSS 0.00075
Exploits: 1 | References: 1

Tenable Nessus
added 2025/05/30 12:00 a.m. | 8 views

Curl 8.8.0 < 8.14.0 Improper Certificate Validation (CVE-2025-4947)

The version of Curl installed on the remote host is missing a security update. It is, therefore, affected by an improper certificate validation vulnerability. - libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00075
Exploits: 1 | References: 2

OpenVAS
added 2025/05/29 12:00 a.m. | 5 views

Slackware: Security Advisory (SSA:2025-148-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 7.1 | EPSS 0.00075
Exploits: 3 | References: 6

Vulnrichment
added 2025/05/28 6:29 a.m. | 20 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

AI score 6.7 | EPSS 0.00075
Exploits: 1 | References: 3

Cvelist
added 2025/05/28 6:29 a.m. | 15 views

CVE-2025-4947 QUIC certificate check skip with wolfSSL

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

EPSS 0.00075
Exploits: 1 | References: 3

CVE
added 2025/05/28 6:29 a.m. | 83 views

CVE-2025-4947

CVE-2025-4947 affects libcurl: when using QUIC, a host specified by an IP address in the URL may bypass certificate verification, preventing detection of impostors or MITM attacks. Documents confirm the vulnerability, its impact (certificate check bypass for QUIC/HTTP3), and that it is being trac...

CVSS 6.5 | AI score 6.4 | EPSS 0.00075
Exploits: 1 | References: 4 | Affected Software: 1

FreeBSD
added 2025/05/28 12:00 a.m. | 8 views

curl -- Multiple vulnerabilities

curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL CVE-2025-4947: QUIC certificate check skip with wolfSSL...

CVSS 6.5 | AI score 7.4 | EPSS 0.00075
Exploits: 3 | References: 2

RedhatCVE
added 2025/05/23 4:26 a.m. | 2 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

CVSS 4.3 | AI score 6.4 | EPSS 0.00147
Exploits: 0 | References: 1

Hacker One
added 2025/05/17 6:01 a.m. | 463 views

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSL_X509_check_host is only called when peer->sni is not NULL. However, when an IP address is specified, peer->sni is NULL, so the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00075
Exploits: 1

Tenable Nessus
added 2025/03/06 12:00 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2024-4947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS 9.6 | AI score 8.9 | EPSS 0.01063
Exploits: 2 | References: 2

Tenable Nessus
added 2024/09/12 12:00 a.m. | 23 views

Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...

CVSS 10 | AI score 8.6 | EPSS 0.68262
Exploits: 5 | References: 50