Lucene search
+L

20 matches found

EUVD
EUVD
added 2026/07/03 6:15 a.m.10 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.0061EPSS
Exploits1References3
Hacker One
Hacker One
added 2026/06/26 8:40 a.m.21 views

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0

Summary When an application sets CURLOPTSSLVERIFYPEER=0 while keeping CURLOPTSSLVERIFYHOST=2 the default, the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...

6.1AI score
Exploits0
OSV
OSV
added 2026/05/13 8:28 a.m.2 views

CVE-2026-7009 OCSP stapling bypass with Apple SecTrust

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

5.3CVSS7.1AI score0.00267EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35897

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using the Certificate Status Request TLS extension, commonly known as OCSP stapling, to verify server certificate validity, the software fails to detect OCSP problems and incorrectly treats...

5.2AI score0.00267EPSS
Exploits1References9
OSV
OSV
added 2026/03/23 12:46 p.m.2 views

CVE-2026-4587 HybridAuth SSL Curl.php certificate validation

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

6.3CVSS5.3AI score0.00181EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.14 views

Tenable Security Center Multiple Vulnerabilities (TNS-2026-06)

According to its self-reported version, the Tenable Security Center running on the remote host prior or equal to 6.7.2 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-06 advisory. - In PHP versions:8.1. before 8.1.34, 8.2. before...

8.8CVSS7.3AI score0.01165EPSS
Exploits7References13
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.2 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-2478)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname,...

7.5CVSS6.2AI score0.01301EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-7242

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00767EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-8030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient escaping in the Copy as cURL feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in...

8.1CVSS7.2AI score0.00306EPSS
Exploits0References3
Hacker One
Hacker One
added 2025/07/17 6:40 p.m.21 views

curl: curl ASSERTs when accessing an LDAP URL

Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-46219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS...

5.3CVSS6.4AI score0.01133EPSS
Exploits1References2
Amazon
Amazon
added 2025/01/09 12:0 a.m.34 views

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

6.5CVSS6AI score0.0197EPSS
Exploits1
Hacker One
Hacker One
added 2024/10/18 9:29 p.m.27 views

curl: When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly

Vulnerability description not provided...

7.1AI score
Exploits0
OSV
OSV
added 2024/03/27 7:0 a.m.15 views

UBUNTU-CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

3.5CVSS7AI score0.01681EPSS
Exploits1References5
OSV
OSV
added 2023/12/22 11:6 a.m.4 views

OESA-2023-1959 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...

5.3CVSS6.9AI score0.01133EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 2:15 a.m.13 views

AZL-32125 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6.7AI score0.01133EPSS
Exploits1References1
OSV
OSV
added 2023/12/12 2:15 a.m.8 views

AZL-35020 CVE-2023-46219 affecting package mysql for versions less than 8.0.40-1

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

5.3CVSS6.6AI score0.01133EPSS
Exploits1References1
OSV
OSV
added 2023/12/06 12:5 p.m.6 views

SUSE-SU-2023:4659-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass bsc1217573. - CVE-2023-46219: HSTS long file name clears contents bsc1217574...

6.5CVSS6.1AI score0.01685EPSS
Exploits2References5
OSV
OSV
added 2021/04/28 7:23 a.m.7 views

SUSE-SU-2021:1396-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials bsc1183933...

5.3CVSS5.7AI score0.05301EPSS
Exploits1References3
OSV
OSV
added 2020/06/24 12:0 a.m.4 views

UBUNTU-CVE-2020-8177

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used...

7.8CVSS6.7AI score0.01236EPSS
Exploits1References3
Rows per page
Query Builder