OESA-2026-2477 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...

CURL-CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

web-to-domain-admin-lab

Web to Domain Admin Compromise Lab This project simulates a r...

CVE-2026-41356 OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate

OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation...

guardsix ODBC Enrichment Plugins 代码问题漏洞

Guardsix ODBC Enrichment Plugins are a set of data extension plugins developed by the Danish company Guardsix. Versions of Guardsix ODBC Enrichment Plugins prior to version 5.2.1 contained code vulnerabilities. These vulnerabilities were due to logical flaws that allowed for the reuse of stored...

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

wp-pie-exploit

🩸 BigWear — DockerLabs Writeup !Platformhttps://img.shield...

curl: ignoring 'options' when doing connection reuse

libcurl contains a significant logic flaw in its connection pool matching mechanism. When a transfer specifies a required authentication policy—such as a specific SASL mechanism e.g., ;AUTH=GSSAPI or a restricted set of SSH authentication types CURLOPTSSHAUTHTYPES—libcurl fails to verify these...

CVE-2026-4924

Improper authentication in the two-factor authentication 2FA feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session...

CLSA-2026-1774259901 curl: Fix of 3 CVEs

CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate- authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...

SUSE-SU-2026:20760-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

OPENSUSE-SU-2026:20404-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

SUSE SLES12 Security Update : curl (SUSE-SU-2026:0921-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0921-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. -...

Ubuntu 18.04 LTS / 20.04 LTS : curl vulnerabilities (USN-8099-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8099-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests. This cou...

USN-8099-1: curl vulnerabilities

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. CVE-2026-1965 It was...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory. Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate- authenticated HTTP or HTTPS requests...

USN-8084-1: curl vulnerabilities

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. CVE-2026-1965 It was discovered that curl incorrectly leaked OAuth...

USN-8084-1 curl vulnerabilities

Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. CVE-2026-1965 It was discovered that curl incorrectly leaked OAuth...

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...