Lucene search
+L

3015 matches found

thn
thn
added 4 days ago13 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
susecve
susecve
added 2026/07/10 3:20 a.m.7 views

SUSE CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

4.2CVSS6.1AI score0.00543EPSS
Exploits1References8
susecve
susecve
added 2026/07/10 3:20 a.m.5 views

SUSE CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.3CVSS6.1AI score0.00752EPSS
Exploits1References9
susecve
susecve
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

7.5CVSS6.1AI score0.01064EPSS
Exploits1References8
susecve
susecve
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

5.9CVSS6AI score0.00494EPSS
Exploits1References8
susecve
susecve
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

5.9CVSS6AI score0.00408EPSS
Exploits1References8
susecve
susecve
added 2026/07/10 3:20 a.m.4 views

SUSE CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6.1AI score0.00508EPSS
Exploits1References8
susecve
susecve
added 2026/07/10 3:20 a.m.6 views

SUSE CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

5.5CVSS6.1AI score0.00891EPSS
Exploits1References8
nessus
nessus
added 2026/07/10 12:0 a.m.6 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
nessus
nessus
added 2026/07/10 12:0 a.m.9 views

libcurl 7.30.0 < 8.21.0 Wrong STARTTLS Connection Reuse (CVE-2026-8286)

The version of libcurl installed on the remote host is 7.30.0 prior to 8.21.0. It is, therefore, affected by a vulnerability: - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration...

8.1CVSS6.1AI score0.0052EPSS
Exploits1References2
nessus
nessus
added 2026/07/10 12:0 a.m.10 views

libcurl 8.15.0 < 8.21.0 SASL Double-Free (CVE-2026-8925)

The version of libcurl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free t...

9.8CVSS6.1AI score0.0108EPSS
Exploits1References2
nessus
nessus
added 2026/07/10 12:0 a.m.9 views

libcurl 8.11.1 < 8.21.0 Netrc Wrong User Password Leak (CVE-2026-8926)

The version of libcurl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential leak vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, curl could wrongly ge...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References2
nessus
nessus
added 2026/07/10 12:0 a.m.7 views

libcurl 7.46.0 < 8.21.0 Super Cookie PSL Bypass (CVE-2026-8924)

The version of libcurl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...

9.1CVSS6.1AI score0.00649EPSS
Exploits1References2
nessus
nessus
added 2026/07/10 12:0 a.m.10 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/07/08 7:27 p.m.5 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/08 4:21 p.m.5 views

CVE-2026-11856

A flaw was found in curl. When libcurl performs a transfer to an HTTP origin using Digest authentication and then reuses the same connection handle for a subsequent transfer to a different origin, it may incorrectly send the authentication header intended for the first origin to the second. This...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/06 11:3 p.m.8 views

CVE-2026-11352

A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...

7.5CVSS6.1AI score0.0101EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/06 8:28 p.m.7 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/06 7:51 p.m.7 views

CVE-2026-9080

A flaw was found in libcurl. When curleasypause is called within the event-based CURLMOPTSOCKETFUNCTION callback, a use-after-free vulnerability is triggered. This occurs because libcurl attempts to store a flag using a pointer to memory that has already been freed. An attacker could potentially...

7.3CVSS6AI score0.00494EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/07/06 7:51 p.m.6 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
Rows per page
Query Builder