Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1375)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1375 advisory. No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.htmlNOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722...

Amazon Linux 2 : curl, --advisory ALAS2-2026-3173 (ALAS-2026-3173)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3173 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...

Advisory ROSA-SA-2026-3143

Software: curl 7.61.1 OS: ROSA Virtualization 3.1 unaffected versions = curl-7.61.1-34.0.2.rv31.9 affected versions curl-7.61.1-34.0.2.rv31.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...

Advisory ROSA-SA-2026-3138

Software: curl 7.61.1 OS: ROSA Virtualization 3.0 unaffected versions = curl-7.61.1-34.0.2.rv30.9 affected versions curl-7.61.1-34.0.2.rv30.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...

Advisory ROSA-SA-2026-3133

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 unaffected versions = curl-7.61.1-34.0.2.rv3.9 affected versions curl-7.61.1-34.0.2.rv3.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffer...

SUSE: Security Advisory (SUSE-SU-2026:0494-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : curl (SUSE-SU-2026:0494-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0494-1 advisory. - CVE-2023-27534: Regression fix for SFTP path resolving discrepancy bsc1219273 Tenable has extracted the preceding description block directly from the...

Security update for curl

This update for curl fixes the following issues: CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. CVE-2025-14819: libssh global knownhost override bsc1255732. CVE-2025-15079: libssh key passphrase bypa...

Security update for curl

This update for curl fixes the following issues: CVE-2023-27534: Regression fix for SFTP path resolving discrepancy bsc1219273 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

SUSE-SU-2026:0494-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-27534: Regression fix for SFTP path resolving discrepancy bsc1219273...

SUSE-SU-2026:20347-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105...

[SECURITY] Fedora 43 Update: osslsigncode-2.12-1.fc43

osslsigncode is a small tool that implements part of the functionality of the Microsoft tool signtool.exe - more exactly the Authenticode signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should be able to compile on most platforms where these exist...

Exploit for CVE-2025-69600

CVE-2025-69600 - author: Rafael José Núñez Gulías - com...

Siemens SCALANCE and RUGGEDCOM Buffer Over-read (CVE-2024-6874)

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVE-2025-14017 affecting package curl for versions less than 8.11.1-5

CVE-2025-14017 affecting package curl for versions less than 8.11.1-5. A patched version of the package is available...

CVE-2026-25857

Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality formSetWanDiag. The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without...

CLSA-2026-1770370767 curl: Fix of CVE-2025-9086

CVE-2025-9086: cookie: don't treat the leading slash as trailing...

curl security update

An update is available for curl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for...

RLSA-2026:1825 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...

MiracleLinux 9 : curl-7.76.1-35.el9_7.3 (AXSA:2026-147:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-147:01 advisory. curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the MiracleLinux...