Lucene search
K

3001 matches found

The Hacker News
The Hacker News
added 2 days ago10 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

libcurl 8.11.0 < 8.21.0 HTTP/3 Early Data Information Disclosure (CVE-2026-9545)

The version of libcurl installed on the remote host is 8.11.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - When libcurl returns to a hostname with a cached SSL session and early data enabled, libcurl might send the request bytes before enforcing the...

7.5CVSS6.1AI score0.00408EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

libcurl 7.30.0 < 8.21.0 Wrong STARTTLS Connection Reuse (CVE-2026-8286)

The version of libcurl installed on the remote host is 7.30.0 prior to 8.21.0. It is, therefore, affected by a vulnerability: - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration...

8.1CVSS6.1AI score0.0052EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

libcurl 8.15.0 < 8.21.0 SASL Double-Free (CVE-2026-8925)

The version of libcurl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free t...

9.8CVSS6.1AI score0.0108EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

libcurl 8.11.1 < 8.21.0 Netrc Wrong User Password Leak (CVE-2026-8926)

The version of libcurl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential leak vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, curl could wrongly ge...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

libcurl 7.46.0 < 8.21.0 Super Cookie PSL Bypass (CVE-2026-8924)

The version of libcurl installed on the remote host is 7.46.0 prior to 8.21.0. It is, therefore, affected by a cookie injection vulnerability: - A flaw in curl's cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an...

9.1CVSS6.1AI score0.00649EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-11856

A flaw was found in curl. When libcurl performs a transfer to an HTTP origin using Digest authentication and then reuses the same connection handle for a subsequent transfer to a different origin, it may incorrectly send the authentication header intended for the first origin to the second. This...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 11:3 p.m.7 views

CVE-2026-11352

A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...

7.5CVSS6.1AI score0.0101EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 8:28 p.m.6 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 7:51 p.m.6 views

CVE-2026-9080

A flaw was found in libcurl. When curleasypause is called within the event-based CURLMOPTSOCKETFUNCTION callback, a use-after-free vulnerability is triggered. This occurs because libcurl attempts to store a flag using a pointer to memory that has already been freed. An attacker could potentially...

7.3CVSS6AI score0.00494EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 7:51 p.m.5 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 7:40 p.m.5 views

CVE-2026-9546

A flaw was found in libcurl. This vulnerability causes the HTTP Referer header to persist even after it has been explicitly cleared. This can lead to the previous referrer string being unintentionally reused and sent in subsequent requests, potentially disclosing sensitive information to unintend...

7.5CVSS5.7AI score0.00652EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/03 8:19 a.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the omission of SSH host verification options in the --proto-default process. An attacker can intercept or impersonate an SSH server by exploiting the lack of host verification during connection establishmen...

7.5CVSS6AI score0.00574EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.8 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the curleasycleanup process after configuring an HTTP/2 stream-dependency tree using CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE and invoking curleasyreset. An attacker can cause the application to access freed memor...

9.8CVSS6.2AI score0.00891EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the STARTTLS process. An attacker can compromise the security of the TLS connection by exploiting a scenario where a new transfer reuses an existing live connection despite a mismatch in TLS...

9.1CVSS6AI score0.0052EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the connection reuse process. An attacker can gain unauthorized access to resources or services by exploiting the reuse of an authenticated connection intended for a different service. Remediation Upgrade libcur...

6.9CVSS6AI score0.00543EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.6 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to the lack of an upper bound on memory allocation for unacknowledged WebSocket PING frames. An attacker can cause memory exhaustion by sending a rapid sequence of PING messages from a malicious server. Details...

8.7CVSS6AI score0.0086EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the Authorization header handling process. An attacker can cause sensitive authentication information to be sent to an unintended origin by reusing a handle for transfers to different HTTP origins...

9.8CVSS6AI score0.01064EPSS
Exploits1References2
Rows per page
Query Builder