1312213 matches found
curl: curl-ipv4-percent-normalization-SSRF
Summary: six or fewer sentences describing the issue in your own human voice and optionally a short proof-of-concept script Affected version Which curl/libcurl version are you using to reproduce? On which platform? curl -V typically generates good output to include Steps To Reproduce: add details...
8x8: jitsi-meet: Prosody/Jigasi missing header whitelist in mod_filter_iq_rayo allows arbitrary SIP header injection and Caller ID spoofing
A vulnerability was discovered in the Prosody and Jigasi components of Jitsi Meet. The Prosody filter implemented an incomplete blocklist that allowed authenticated users with outbound-call privileges to inject arbitrary SIP headers, enabling Caller ID spoofing on outgoing SIP calls in environmen...
curl: CVE-2026-11564: Native CA trust persist
A vulnerability was discovered in the libcurl library where a native CA trust could persist after an easy handle switches to custom CA material. The vulnerability was found to affect builds of libcurl that enable the native CA trust feature. The issue stemmed from the fact that the library did no...
curl: CVE-2026-11586: WS Auto-PONG memory exhaustion
Summary: TL;DR: a remote WebSocket peer can make default curl/libcurl grow memory until timeout or OOM by sending legal PING frames while refusing to read the client's automatic PONGs. curl automatically replies to each received WebSocket PING with a PONG unless CURLWSNOAUTOPONG is set. In...
curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal
Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...
curl: SOCKS5 no-auth accepted despite username/password-only authentication
Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 no authentication and 0x02...
curl: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST body/credential exfiltration via redirect — RC=0, curl 8
Summary curl's HTTP/1.x response header parser splits header lines using a single memchrbuf, '\n', blen call lib/http.c:4457, with no awareness of whether the current position is inside a quoted-string value. A server response containing any header field whose value embeds a raw LF byte \x0a caus...
curl: GnuTLS OCSP stapling accepts unrelated SingleResponse (no cert-ID binding)
Summary This report describes a variant of the publicly disclosed curl vulnerability CVE-2020-8286 OCSP stapling verification bypass, found in the GnuTLS TLS backend lib/vtls/gtls.c. The original CVE affected the NSS backend; this variant reproduces the same logical class of defect — accepting...
Revive Adserver: XML‑RPC login leak exposes valid session ID enabling unauthorized API access
Vulnerability description not provided...
curl: CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop
Summary: curl's QUIC UDP receive helper ignores zero-length UDP datagrams before counting them against the per-call packet budget. On Linux, recvmmsgpackets loops while pkts maxpkts, but if!mmsgi.msglen continue; runs before pkts is incremented. The recvmsgpackets backend has the same no-progress...
Revive Adserver: CSRF in zone‑include.php allows unauthorized banner and campaign linking
The zone-include.php script in Revive Adserver 6.0.7 was vulnerable to a CSRF attack. Linking and unlinking banners or campaigns to zones could be triggered via crafted GET or POST requests without any verification of the CSRF token, allowing an attacker to perform these actions on behalf of an...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting
Vulnerability description not provided...
Revive Adserver: Stored XSS in maintenance tools via unescaped entity names
A stored XSS vulnerability was discovered in the maintenance tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected in the maintenance-acl-check.php and maintenance-banners-check.php files...
curl: OpenSSL TLS 1.2 session resumption accepts expired server certificates in libcurl
Summary curl's OpenSSL backend can accept a new TLS 1.2 HTTPS connection after the server certificate has expired if the connection resumes a previously cached TLS session. A full handshake made at the same time with the same certificate fails with CURLEPEERFAILEDVERIFICATION, but the resumed...
Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions
Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass
A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...
Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag
A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...
curl: DNS domain search list followed for extant domain missing A or AAAA records
Summary: Curl calls getaddrinfo to resolve a domain's addresses, however glibc will continue though the domain search list to find data even if it gets a NODATA response. When using AFUNSPEC in the aihints, this search will stop at the first domain with either an A or AAAA record, however when...
Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking
A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...
AWS VDP: Non-Production API Endpoints for the Amazon S3 Tables Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
A vulnerability was discovered in the Amazon S3 Tables service where certain non-production API endpoints failed to log calls to CloudTrail. This allowed permission enumeration to be performed without leaving any trace in CloudTrail. Twenty-three endpoints were identified that exhibited this...