10126 matches found

CVE
added 2026/03/21 3:27 a.m. | 8 views

CVE-2026-1648

The CVE-2026-1648 entry concerns the WordPress Performance Monitor plugin (versions up to 1.0.6). It describes a Server-Side Request Forgery (SSRF) in the /wp-json/performance-monitor/v1/curl_data endpoint caused by insufficient validation of the 'url' parameter. This allows unauthenticated attac...

CVSS 7.2 | AI score 6 | EPSS 0.00058
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/21 12:00 a.m. | 1 view

PT-2026-26814

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6. This is due to insufficient validation of the 'url' parameter in the '/wp-json/performance-monitor/v1/curl data' REST API endpoint. This makes it possible for...

CVSS 7.2 | AI score 6 | EPSS 0.00058
Exploits: 0 | References: 5
OSV
added 2026/03/20 2:27 p.m. | 6 views

OESA-2026-1704 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl feature...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 2 | References: 4
OpenVAS
added 2026/03/20 12:00 a.m. | 2 views

SUSE: Security Advisory (SUSE-SU-2026:0911-1)

The remote host is missing an update for the ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits: 4 | References: 7
OpenVAS
added 2026/03/20 12:00 a.m. | 4 views

SUSE: Security Advisory (SUSE-SU-2026:0921-1)

The remote host is missing an update for the ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 2 | References: 6
OSV
added 2026/03/19 4:42 p.m. | 4 views

CLSA-2026-1773938530 curl: Fix of CVE-2026-3783

CVE-2026-3783: prevent bearer token leak on HTTPS redirect when .netrc contains entries for the redirected host...

CVSS 5.3 | AI score 7.2 | EPSS 0.00028
Exploits: 1 | References: 1
Tenable Nessus
added 2026/03/19 12:00 a.m. | 3 views

SUSE SLES12 Security Update : curl (SUSE-SU-2026:0921-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0921-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. -...

CVSS 6.5 | AI score 7.2 | EPSS 0.00073
Exploits: 2 | References: 10
OpenVAS
added 2026/03/19 12:00 a.m. | 9 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1635)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 1 | References: 2
Tenable Nessus
added 2026/03/19 12:00 a.m. | 4 views

Photon OS 4.0: Curl PHSA-2026-4.0-0977

An update of the curl package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0977...

CVSS 6.5 | AI score 7.1 | EPSS 0.00073
Exploits: 2 | References: 4
Tenable Nessus
added 2026/03/19 12:00 a.m. | 2 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0911-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0911-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect...

CVSS 7.5 | AI score 7.2 | EPSS 0.00073
Exploits: 4 | References: 13
OpenVAS
added 2026/03/19 12:00 a.m. | 9 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1627)

The remote host is missing an update for the Huawei EulerOS ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 1 | References: 2
OSV
added 2026/03/18 12:13 p.m. | 2 views

MAL-2026-1898 Malicious code in curl-requester (PyPI)

AI score 5.8
Exploits: 0
OSSF Malicious Packages
added 2026/03/18 12:13 p.m. | 5 views

Malicious code in curl-requester (PyPI)

AI score 5.8
Exploits: 0
SUSE Linux
added 2026/03/18 8:52 a.m. | 6 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. Patch Instructions: To install this SUSE update...

CVSS 7.5 | AI score 5.7 | EPSS 0.00073
Exploits: 2 | References: 12
OSV
added 2026/03/18 8:52 a.m. | 2 views

SUSE-SU-2026:0921-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 2 | References: 7
OPENSUSE Linux
added 2026/03/18 12:00 a.m. | 4 views

curl-8.19.0-1.1 on GA media (moderate)

curl-8.19.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10371-1 Rating: moderate Cross-References: CVE-2026-1965 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVSS scores: CVE-2026-1965 SUSE : 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N CVE-2026-1965 SUSE : 6.9...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits: 4
SUSE Linux
added 2026/03/17 7:57 p.m. | 3 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits: 4 | References: 16
Hacker One
added 2026/03/17 7:06 p.m. | 18 views

curl: Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix

curl versions 8.19.0 and later were meant to fix CVE-2026-3783, which causes OAuth2 bearer tokens to leak on HTTP redirects when the user has a .netrc file configured. However, the vulnerability still exists in the current codebase. VULNERABILITY: When a curl user specifies an OAuth2 bearer token...

CVSS 5.3 | AI score 5.9 | EPSS 0.00028
Exploits: 1
OSV
added 2026/03/17 10:04 a.m. | 0 views

SUSE-SU-2026:0903-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits: 4 | References: 9
OpenVAS
added 2026/03/17 12:00 a.m. | 3 views

Ubuntu: Security Advisory (USN-8099-1)

The remote host is missing an update for the ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 2 | References: 2