27 matches found
CVE-2026-44170
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...
CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated table HTTP...
CVE-2026-44170
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated table HTTP...
Advisory ROSA-SA-2026-3138
Software: curl 7.61.1 OS: ROSA Virtualization 3.0 unaffected versions = curl-7.61.1-34.0.2.rv30.9 affected versions curl-7.61.1-34.0.2.rv30.9 CVE-ID: CVE-2025-9086 BDU-ID: 2025-12599 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the cURL command line utility is related to reading data beyond buffe...
EUVD-2022-4541
Malicious code in bioql PyPI...
The vulnerability of the gzip_do_write() function in the zlib compression library allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack.
The vulnerability of the gzip_do_write function in the zlib compression library, a command-line utility of CURL, is related to integer overflow. Exploiting this vulnerability allows an attacker to bypass ASLR protection, execute arbitrary code, or cause a denial-of-service attack...
Advisory ROSA-SA-2025-2748
Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...
[SECURITY] Fedora 41 Update: curl-8.9.1-3.fc41
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
ROS-20240708-21
Vulnerability in the cURL command line utility is due to bugs in protocol removal logic. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information. Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...
[SECURITY] Fedora 39 Update: curl-8.2.1-5.fc39
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
The vulnerability lies in the implementation of the TLS protocol in the cURL command-line utility. This allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the TLS protocol’s command-line utility cURL stems from an erroneous preservation of the session identifier due to lack of verification of certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and gain unauthorized...
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545 POC for the curl command line tool This POC i...
The vulnerability of the implementation of the SOCKS5 protocol in the command-line utility cURL allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the SOCKS5 protocol implementation in the CURL command-line utility is related to the issue of the operation going beyond the buffer boundaries when processing the hostname length. Exploiting this vulnerability allows a remote attacker to cause service failures or execute...
The vulnerability of the HSTS (HTTP Strict Transport Security) mechanism in the cURL command line utility allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the HSTS (HTTP Strict Transport Security) mechanism in the cURL command line utility is related to the transmission of critical information in plaintext when IDN symbols in host names are replaced with similar ASCII symbols. Exploiting this vulnerability can allow an unauthoriz...
ROS-20220516-30
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTPS, IMAPS, POP3S, and LDAPS (openldap only). Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
The vulnerability of the cURL command-line utility’s script, related to the use of an uninitialized resource, allows a hacker to gain access to confidential data.
The vulnerability of the cURL command-line utility lies in the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2021-22925
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based...
[SECURITY] Fedora 27 Update: curl-7.55.1-14.fc27
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
[ASA-201807-8] libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201807-8. Severity: High; Date: 2018-07-16; CVE-ID: CVE-2018-0500; Package: libcurl-compat; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-733. Summary: The package libcurl-compa...