8 matches found

Hacker One
added 2026/01/08 8:38 a.m. | 13 views

curl: Inconsistent Rejection Logic in file:// URLs with Authority

curl's file:// protocol handler inconsistently applies path sanitization. It rejects file://../ as "Bad file:// URL" but allows the same traversal when an authority/host (e.g., localhost) is present: file://localhost/../. This inconsistency misleads developers who rely on the "Bad file:// URL" error for...

AI score: 7.2
Exploits: 0
Hacker One
added 2025/11/30 12:07 a.m. | 21 views

curl: Path Traversal in file:// protocol allows Arbitrary File Read

Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences (../). This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...

AI score: 6.7
Exploits: 0
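The two HackerOne entries above turn on the same practical point: a program that accepts user-supplied file:// URLs should not rely on the URL parser's "Bad file:// URL" error to stop traversal, because a URL that carries an authority (file://localhost/../...) parses cleanly and the operating system then resolves the .. segments exactly as it would for any local path. The Python helper below is an added example, not code from curl or from either report. It canonicalises the URL path before any fetch happens and confines it to an assumed allowed root (the directory /var/app/data and the sample URLs are constructed for the example), so both spellings of the traversal, with and without an authority, are rejected by one rule rather than by whatever the fetcher's parser happens to do.

```python
"""Confine file:// URLs to an allowed directory before handing them to a fetcher.

Added example for this listing; it is not curl's own logic. The root directory
and the sample URLs are hypothetical and exist only to exercise the check.
"""
import posixpath
from urllib.parse import unquote, urlsplit


class UnsafeFileURL(ValueError):
    """Raised for file:// URLs that must not be passed on to the fetcher."""


def confine_file_url(url: str, root: str = "/var/app/data") -> str:
    """Return the filesystem path named by a file:// URL if, and only if,
    it lies inside ``root``.

    The verdict does not depend on whether the URL has an authority:
    ``file:///x/../y`` and ``file://localhost/x/../y`` are normalised and
    checked identically.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "file":
        raise UnsafeFileURL(f"scheme {parts.scheme!r} is not file")

    # RFC 8089: the only authorities meaning "this machine" are the empty
    # string and "localhost". Note that "file://../etc/passwd" parses with
    # authority ".." and is therefore rejected at this step.
    if parts.netloc.lower() not in ("", "localhost"):
        raise UnsafeFileURL(f"unexpected authority {parts.netloc!r}")

    # Decode percent-encoding first so "%2e%2e" becomes ".." before the
    # lexical normalisation below sees it.
    path = unquote(parts.path)
    if "\x00" in path:
        raise UnsafeFileURL("NUL byte in path")
    if not path.startswith("/"):
        raise UnsafeFileURL("path is not absolute")

    # normpath collapses "." and ".." segments lexically; "/../etc/passwd"
    # becomes "/etc/passwd", which then fails the containment test.
    normalized = posixpath.normpath(path)
    root_norm = posixpath.normpath(root)
    if normalized != root_norm and not normalized.startswith(root_norm + "/"):
        raise UnsafeFileURL(f"{normalized} escapes {root_norm}")
    return normalized


def check_many(urls, root: str = "/var/app/data") -> dict:
    """Map each URL to 'ok:<path>' or 'rejected:<reason>' for a quick audit."""
    results = {}
    for url in urls:
        try:
            results[url] = "ok:" + confine_file_url(url, root)
        except UnsafeFileURL as exc:
            results[url] = "rejected:" + str(exc)
    return results


if __name__ == "__main__":
    # Constructed sample inputs covering the cases discussed in the reports.
    samples = [
        "file:///var/app/data/reports/a/../b.txt",        # stays inside root
        "file://localhost/var/app/data/x.csv",            # authority form, inside root
        "file://../etc/passwd",                           # authority is ".."
        "file://localhost/../etc/passwd",                 # authority + traversal
        "file:///var/app/data/%2e%2e/%2e%2e/%2e%2e/etc/passwd",  # encoded traversal
        "file://evil.example/var/app/data/x.csv",         # remote authority
    ]
    for url, verdict in check_many(samples).items():
        print(f"{verdict:50s} <- {url}")
```

The containment test is lexical, which is what is needed to make the two URL spellings equivalent; it does not see symlinks. Code that then opens the returned path should still resolve it with os.path.realpath and repeat the containment check, or open with O_NOFOLLOW where the platform supports it.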
Vulnrichment
added 2023/12/12 1:38 a.m. | 1 view

CVE-2023-46219

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...

AI score: 6.4 | EPSS: 0.00139
Exploits: 1 | References: 5
OSV
added 2023/03/30 8:15 p.m. | 1 view

AZL-25806 CVE-2023-27534 affecting package mysql for versions less than 8.0.34-1

A path traversal vulnerability in the SFTP implementation of curl before 8.0.0 causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00064
Exploits: 1 | References: 1
Packet Storm
added 2021/09/29 12:00 a.m. | 188 views

Pet Shop Management System 1.0 Shell Upload

Title: Pet Shop Management System 1.0 - Remote Code Execution (RCE), Unauthenticated
Date: 28.09.2021
Author: Mr.Gedik
Vendor Homepage: https://www.sourcecodester.com
Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html
...

AI score: 7.4
Exploits: 0
OSV
added 2017/12/19 3:29 p.m. | 0 views

CVE-2017-16786

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" scheme in the...

CVSS: 6.5 | AI score: 5.9
Exploits: 0 | References: 2
OSV
added 2017/01/04 12:00 a.m. | 0 views

UBUNTU-CVE-2016-9137

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curlfile.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00942
Exploits: 1 | References: 5
openSUSE Linux
added 2016/11/21 2:06 p.m. | 50 views

Security update for php5 (important)

This update for php5 fixes the following issues: CVE-2016-9137: Fixed a use after free in unserialize in curl file deserialization (boo#1008029)...

AI score: 1.4 | EPSS: 0.00942
Exploits: 1 | References: 1