curl: MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length
I'm not sure if this is a vulnerability or intended behavior, but I noticed that curl's MQTT implementation accepts CONNACK packets with Remaining Length values greater than 2, which appears to violate the MQTT v3.1.1 specification. According to the MQTT spec, CONNACK packets should have a Remainin...
AlmaLinux 9 : curl (ALSA-2026:1350)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1350 advisory. curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086). Tenable has extracted the preceding description block directly from the AlmaLinux security...
Photon OS 4.0: Curl PHSA-2026-4.0-0941
An update of the curl package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0941. The text itself is copyright (C) VMware, Inc...
RHSA-2026:1477 Red Hat Security Advisory: curl security update
Bulletin has no description...
ROS-20260129-73-0066
Vulnerability in curl related to URL redirection to an untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary URL address...
ROS-20260129-73-0067
Vulnerability in curl related to incorrect certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...
ROS-20260129-73-0065
Vulnerability in curl related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...
RHSA-2026:1350 Red Hat Security Advisory: curl security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
curl: libcurl: Curl out of bounds read for cookie path
An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site...
Fedora: Security Advisory (FEDORA-2026-3f0f0f85be)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
RHEL 10 : curl (RHSA-2026:1477)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1477 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP,...
Fedora 42 : curl (2026-3f0f0f85be)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f0f0f85be advisory. - fix broken TLS options for threaded LDAPS (CVE-2025-14017). Tenable has extracted the preceding description block directly from the Fedora security advisory...
[R1] Tenable Network Monitor Version 6.5.3 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 01/27/2026 - 14:02. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (libxml2, libxslt, expat, c-ares, curl, sqlite) were fou...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086). For more details about the security issues, including...
Oracle Linux 9 : curl (ELSA-2026-1350)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1350 advisory. 7.76.1-35.el97.3 - http: fix crash in rate-limited upload RHEL-129493 7.76.1-35.el97.2 - openssl: respect system crypto policy for TLS max version RHEL-128921...
This flaw allows a malicious HTTP server to set "super cookies" in curl
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...