CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10126 matches found

OSV•added 2026/03/11 6:0 p.m.•1 views

UBUNTU-CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.8AI score0.0003EPSS

Exploits2References4

UbuntuCve•added 2026/03/11 6:0 p.m.•3 views

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS7.2AI score0.00028EPSS

Exploits1References4

UbuntuCve•added 2026/03/11 6:0 p.m.•1 views

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.9AI score0.0003EPSS

Exploits2References3

SUSE CVE•added 2026/03/11 4:18 p.m.•0 views

SUSE CVE-2026-3783

4.7CVSS5.8AI score0.00028EPSS

Exploits1References12

SUSE CVE•added 2026/03/11 4:18 p.m.•1 views

SUSE CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

4.6CVSS5.8AI score0.00029EPSS

Exploits1References12

SUSE CVE•added 2026/03/11 4:18 p.m.•1 views

SUSE CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

2.5CVSS5.8AI score0.0003EPSS

Exploits2References11

Hacker One•added 2026/03/11 4:6 p.m.•8 views

curl: Curl_compareheader() fails to match multi-value HTTP headers

Summary Curlcompareheader in lib/http.c fails to scan the full value of HTTP headers for substring matches. Due to an incorrect loop condition, only the first byte position of the header value is checked. This causes curl to miss connection options like close when they appear as non-first tokens ...

5.8AI score

Exploits0

Hacker One•added 2026/03/11 3:2 p.m.•6 views

curl: urlapi: off-by-one in custom scheme validation skips last character

Summary In lib/urlapi.c, the seturlscheme function has an off-by-one error when validating custom scheme names. The validation loop checks scheme0 twice once by ISALPHA, once in the loop and never checks the last character. This allows schemes ending with any arbitrary byte e.g., foo!, bar, bad/ ...

5.9AI score

Exploits0

Snyk•added 2026/03/11 12:41 p.m.•2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in smb.c, which may reuse already freed memory from a previous SMB connection request. The window of opportunity to exploit this is small, and the region of memory exposed is small and out of the attacker's control...

7.5CVSS5.8AI score0.0003EPSS

Exploits2References2

EUVD•added 2026/03/11 12:31 p.m.•2 views

EUVD-2026-11139

6.5CVSS5.8AI score0.00029EPSS

Exploits1References5

EUVD•added 2026/03/11 12:31 p.m.•3 views

EUVD-2026-11141

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.8AI score0.0003EPSS

Exploits2References5

OSV•added 2026/03/11 12:11 p.m.•1 views

USN-8084-1 curl vulnerabilities

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. CVE-2026-1965 It was discovered that curl incorrectly leaked OAuth...

7.5CVSS7.3AI score0.00331EPSS

Exploits5References6