9905 matches found
Php-mod/curl Library <2.3.2 - Cross-Site Scripting
Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other...
Photon OS 5.0: Curl PHSA-2026-5.0-0856
An update of the curl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0856. The text itself is copyright (C) VMware, Inc...
curl: PRE_PROXY change leaks stale Proxy Digest state across proxy-chain boundary
Summary: After a Digest-authenticated HTTP proxy transfer, changing only CURLOPT_PRE_PROXY on the same libcurl easy handle does not clear stale proxy Digest/auth state. If the new SOCKS pre-proxy resolves the same HTTP proxy hostname to a different proxy endpoint, the second proxy receives a...
curl: curl/libcurl 8.20.0 NOPROXY bypass via uppercase-hex IPv4 aliases leaks off-proxy Basic credentials to the configured proxy
Summary: curl/libcurl 8.20.0 fails to enforce CURLOPT_NOPROXY, --noproxy, and NO_PROXY consistently for uppercase-hex IPv4 aliases such as 0X7f.1 on glibc-based systems that accept these legacy numeric IPv4 forms. When a canonical IP literal is excluded from proxying, curl sends the canonical form...
SUSE CVE-2026-49129
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
NeuroLog: Reasoning You Can Audit -- Neuro-Symbolic Vulnerability Discovery Via LLM Facts, Datalog, and SMT
Vulnerability discovery on C/C++ source asks the analyst to choose between heavyweight static analysers, which need a working build before a single query runs, and free-form LLMs, which read source readily but invent details and lose track of cross-function dataflow on real codebases. We present...
CVE-2026-49129
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
ROOT-OS-DEBIAN-12-CVE-2025-14524 CVE-2025-14524 in rootio-curl - Patched by Root
Root has patched CVE-2025-14524 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-14819 CVE-2025-14819 in rootio-curl - Patched by Root
Root has patched CVE-2025-14819 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-1965 CVE-2026-1965 in rootio-curl - Patched by Root
Root has patched CVE-2026-1965 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-3784 CVE-2026-3784 in rootio-curl - Patched by Root
Root has patched CVE-2026-3784 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-6253 CVE-2026-6253 in rootio-curl - Patched by Root
Root has patched CVE-2026-6253 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-4873 CVE-2026-4873 in rootio-curl - Patched by Root
Root has patched CVE-2026-4873 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-5545 CVE-2026-5545 in rootio-curl - Patched by Root
Root has patched CVE-2026-5545 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-15079 CVE-2025-15079 in rootio-curl - Patched by Root
Root has patched CVE-2025-15079 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-6429 CVE-2026-6429 in rootio-curl - Patched by Root
Root has patched CVE-2026-6429 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2024-2379 CVE-2024-2379 in rootio-curl - Patched by Root
Root has patched CVE-2024-2379 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-14017 CVE-2025-14017 in rootio-curl - Patched by Root
Root has patched CVE-2025-14017 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-3783 CVE-2026-3783 in rootio-curl - Patched by Root
Root has patched CVE-2026-3783 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-0725 CVE-2025-0725 in rootio-curl - Patched by Root
Root has patched CVE-2025-0725 in the rootio-curl package for Root:Debian:12. Multiple fixed versions available...