CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в curl

There is an information disclosure vulnerability in curl v8.1.0 when performing HTTPS transfers. libcurl may incorrectly use the read callback CURLOPTREADFUNCTION to request data to be sent, even when the CURLOPTPOSTFIELDS option is set. This occurs if the same handle was previously used to issue...

5.3CVSS6.6AI score0.00631EPSS

Exploits1References2

OSV•added 2026/05/04 1:12 p.m.•3 views

JLSEC-2026-396

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

9.8CVSS7.2AI score0.01853EPSS

Exploits1References22

CNNVD•added 2026/03/11 12:0 a.m.•2 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that arises from the use of OAuth2 bearer tokens for HTTPS transfers. In some cases, this vulnerability may lead to the token being leaked to another hostname...

5.3CVSS7.1AI score0.00028EPSS

Exploits1References5

Tenable Nessus•added 2026/01/09 12:0 a.m.•3 views

Siemens Ruggedcom ROX Missing Encryption of Sensitive Data (CVE-2023-28322)

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.2AI score0.00631EPSS

Exploits1References5

NVD•added 2025/11/26 11:15 p.m.•2 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

7.5CVSS0.00071EPSS

Exploits0References1

Debian CVE•added 2025/11/26 11:0 p.m.•3 views

CVE-2025-64331

7.5CVSS5.3AI score0.00071EPSS

Exploits0

Tenable Nessus•added 2025/11/13 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 Expected Behavior Violation (CVE-2022-32221)

9.8CVSS6.7AI score0.01853EPSS

Exploits1References5

Tenable Nessus•added 2025/03/05 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2023-28322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to...

5.3CVSS6.2AI score0.00631EPSS

Exploits1References2

Tenable Nessus•added 2024/02/29 12:0 a.m.•33 views

CentOS 9 : curl-7.76.1-26.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the curl-7.76.1-26.el9 build changelog. - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on...

9.8CVSS7.3AI score0.00631EPSS

Exploits7References8

Tenable Nessus•added 2024/02/29 12:0 a.m.•24 views

CentOS 9 : curl-7.76.1-21.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the curl-7.76.1-21.el9 build changelog. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the...

9.8CVSS6.9AI score0.01853EPSS

Exploits1References2

Tenable Nessus•added 2023/08/08 12:0 a.m.•34 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

5.9CVSS6.5AI score0.00631EPSS

Exploits2References3

Tenable Nessus•added 2023/06/07 12:0 a.m.•36 views

Fedora 38 : curl (2023-37eac50e9b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-37eac50e9b advisory. - fix more POST-after-PUT confusion CVE-2023-28322 - fix IDN wildcard match CVE-2023-28321 Tenable has extracted the preceding description block...

5.9CVSS6.5AI score0.00631EPSS

Exploits2References3

Microsoft CVE•added 2023/05/27 7:0 a.m.•3 views

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

...

5.3CVSS6.6AI score0.00631EPSS

Exploits1

OSV•added 2023/05/26 9:15 p.m.•2 views

AZL-26792 CVE-2023-28322 affecting package curl for versions less than 8.0.1-2

3.7CVSS6.5AI score0.00631EPSS

Exploits1References1

OSV•added 2023/05/26 9:15 p.m.•1 views

ALPINE-CVE-2023-28322

3.7CVSS6.3AI score0.00631EPSS

Exploits1References1

OSV•added 2023/05/26 9:15 p.m.•41 views