CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10126 matches found

Tenable Nessus•added 2026/03/17 12:0 a.m.•12 views

Curl 7.33.0 < 8.19.0 Token Leak with Redirect and Netrc

The version of curl installed on the remote host is 7.33.0 prior to 8.19.0. It is, therefore, affected by a token leak with redirect and netrc vulnerability: - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that...

5.3CVSS7.2AI score0.00028EPSS

Exploits1References2

Tenable Nessus•added 2026/03/17 12:0 a.m.•8 views

Photon OS 5.0: Curl PHSA-2026-5.0-0785

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0785. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.1AI score0.00073EPSS

Exploits4References5

OpenVAS•added 2026/03/17 12:0 a.m.•5 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1602)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.8AI score0.00033EPSS

Exploits1References2

Tenable Nessus•added 2026/03/17 12:0 a.m.•15 views

Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection

The version of curl installed on the remote host is 8.13.0 prior to 8.19.0 . It is, therefore, affected by a use after free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.2AI score0.0003EPSS

Exploits2References2

Tenable Nessus•added 2026/03/17 12:0 a.m.•7 views

Ubuntu 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-8099-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8099-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests. This cou...

6.5CVSS7.2AI score0.00073EPSS

Exploits2References4

OpenVAS•added 2026/03/17 12:0 a.m.•3 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1574)

4.3CVSS5.8AI score0.00033EPSS

Exploits1References2

Tenable Nessus•added 2026/03/17 12:0 a.m.•12 views

Curl 7.10.6 < 8.19.0 Authentication Bypass

The version of curl installed on the remote host is 7.10.6 prior to 8.19.0. It is, therefore, affected by an authentication bypass vulnerability: - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a po...

6.5CVSS7.1AI score0.00073EPSS

Exploits0References2

Hacker One•added 2026/03/16 10:23 p.m.•9 views

curl: HSTS accepted from HTTP origin behind HTTPS proxy

curl/libcurl appears to accept and persist Strict-Transport-Security from an http:// origin when the request is sent through an https:// proxy. After that, a later http:// request for the same host is automatically upgraded to https:// due to stored HSTS state. Affected versions 8.12.0 through...

5.7AI score

Exploits0

OSV•added 2026/03/16 5:35 p.m.•2 views

USN-8099-1 curl vulnerabilities

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. CVE-2026-1965 It was...

6.5CVSS5.8AI score0.00073EPSS

Exploits2References4

Ubuntu•added 2026/03/16 5:35 p.m.•6 views

USN-8099-1: curl vulnerabilities

6.5CVSS5.8AI score0.00073EPSS

Exploits2

Hacker One•added 2026/03/16 2:54 p.m.•7 views

curl: Unescaped username in SASL DIGEST-MD5 response allows injection

Summary: The username is inserted into the digest-md5 response without escaping the quotes or backslashes. The HTTP digest path on line 863 in lib/vauth/digest.c uses authdigeststringquoted but the SASL does not line 478. Commit ac419bf sorted the HTTP in 2013. It looks like the SASL was moved in...

5.9AI score

Exploits0

OSV•added 2026/03/16 9:33 a.m.•4 views

CLSA-2026-1773653586 curl: Fix of CVE-2025-15224

CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

3.1CVSS5.8AI score0.00064EPSS

Exploits1References1

OpenVAS•added 2026/03/16 12:0 a.m.•1 views

openSUSE Security Advisory (SUSE-SU-2026:0885-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.8AI score0.00073EPSS

Exploits4References7

Tenable Nessus•added 2026/03/16 12:0 a.m.•2 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-1602)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.Thi...

4.3CVSS6AI score0.00033EPSS

Exploits1References2

OpenVAS•added 2026/03/16 12:0 a.m.•2 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1355)

6.3CVSS5.8AI score0.00064EPSS

Exploits3References2

OpenVAS•added 2026/03/16 12:0 a.m.•4 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1478)

7.5CVSS5.8AI score0.00364EPSS

Exploits5References2

OpenVAS•added 2026/03/16 12:0 a.m.•4 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1386)