10280 matches found
CVE-2026-9080
Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
CVE-2026-9080
CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from the event-based CURLMOPT_SOCKETFUNCTION callback. The underlying issue is a freed mev_sh_entry pointer being used to update tracing fields, potentially allowing DoS or code execution paths. Affected softw...
CVE-2026-8927
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...
CVE-2026-8926 password leak with netrc and user in URL
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...
CVE-2026-8926
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...
EUVD-2026-41507
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...
CVE-2026-8926
CVE-2026-8926 affects curl when using a .netrc file for credentials while the URL contains a username (no password). The vulnerability can cause curl to fetch and use the password of another user for the same host if a matching host exists in .netrc, leading to credential disclosure. The issue is...
CVE-2026-8925 SASL double-free
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-8925
CVE-2026-8925 affects curl with SASL authentication. The issue is a double-free: the GSASL context can be cleaned up twice without clearing the pointer, potentially freeing the same pointer twice. This vulnerability is present in curl versions prior to 8.21.0 (e.g., 8.15.0), and remote exploitati...
EUVD-2026-41506
The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...
CVE-2026-8924 trailing dot domain super cookie
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
EUVD-2026-41505
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains...
CVE-2026-8924
CVE-2026-8924 – curl cookie parsing flaw. The vulnerability arises from curl’s cookie parsing logic, enabling a malicious HTTP server to set ‘super cookies’ that bypass the Public Suffix List check. This allows an attacker-controlled origin to inject cookies that curl subsequently scopes and tran...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-11586 WS Auto-PONG memory exhaustion
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...
EUVD-2026-41500
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...