Lucene search
K

2975 matches found

OSV
OSV
added 2026/06/24 2:0 p.m.2 views

UBUNTU-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 2:0 p.m.2 views

UBUNTU-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS5.9AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS5.9AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 2:0 p.m.4 views

UBUNTU-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent tranfers that should not know nor use them...

9.8CVSS5.9AI score0.0025EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00206EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-8458 wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00206EPSS
Exploits0
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS5.9AI score0.0025EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.13 views

UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00206EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

proto-default skips SSH verification

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.00208EPSS
Exploits0References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.8AI score0.0025EPSS
Exploits0
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-9080 UAF after pause in socket callback

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.7AI score0.00206EPSS
Exploits0
OSV
OSV
added 2026/06/24 8:0 a.m.7 views

CURL-CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS5.9AI score0.0025EPSS
Exploits0
OSV
OSV
added 2026/06/24 8:0 a.m.11 views

CURL-CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00206EPSS
Exploits0
Rows per page
Query Builder