Lucene search
K

226 matches found

RedhatCVE
RedhatCVE
added 6 days ago3 views

CVE-2026-11564

A flaw was found in curl. When libcurl reuses a connection from its connection pool, an easy handle that initially used default native Certificate Authority CA trust may continue to trust the native platform store. This occurs even after the application has switched that same handle to custom CA...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/07/07 3:21 p.m.9 views

SUSE CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the connection pool process. An attacker can bypass intended certificate validation by reusing a handle that initially used the default native CA trust and then switching it to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS0.0061EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:16 a.m.9 views

EUVD-2026-41509

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

6.2AI score0.00368EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:16 a.m.20 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:14 a.m.51 views

CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

0.00543EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:12 a.m.5 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:12 a.m.8 views

EUVD-2026-41499

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

6AI score0.0061EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:12 a.m.22 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:12 a.m.36 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.0061EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a sink for deserialization...

6.3CVSS5.9AI score0.00284EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.10 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS5.9AI score0.0061EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS5.9AI score0.0061EPSS
Exploits1References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.30 views

incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS5.8AI score0.00368EPSS
Exploits1References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.8 views

wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder