Lucene search
K

2977 matches found

Hacker One
Hacker One
added 2026/06/10 5:0 a.m.10 views

curl: CVE-2026-11856: cross-origin Digest auth state leak

Summary: This issue is the HTTP sibling to the previously disclosed RTSP Digest auth leak. When an application uses libcurl and reuses the same easy handle for sequential transfers the documented best practice, the Digest authentication state captured from the first origin is silently sent to the...

9.8CVSS5.9AI score0.01064EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: curl (TSSA-2026:0345)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0345 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

6.5CVSS5.7AI score0.00519EPSS
Exploits2References3
Hacker One
Hacker One
added 2026/06/02 3:56 p.m.32 views

curl: PRE_PROXY change leaks stale Proxy Digest state across proxy-chain boundary

Summary After a Digest-authenticated HTTP proxy transfer, changing only CURLOPTPREPROXY on the same libcurl easy handle does not clear stale proxy Digest/auth state. If the new SOCKS pre-proxy resolves the same HTTP proxy hostname to a different proxy endpoint, the second proxy receives a...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2026/06/02 9:6 a.m.25 views

curl: TFTP upload ignores --continue-at / CURLOPT_RESUME_FROM and leaks skipped local file prefix

Summary TFTP uploads ignore the configured resume offset. When a caller runs curl -C N -T file tftp://... or uses libcurl with CURLOPTUPLOAD and CURLOPTRESUMEFROM, curl should skip the first N bytes of the local source before uploading. Instead, the TFTP code sends the complete local file from by...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/28 8:16 p.m.8 views

DEBIAN-CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 8:16 p.m.48 views

UBUNTU-CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/28 7:10 p.m.30 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS0.00281EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/28 7:10 p.m.13 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
Hacker One
Hacker One
added 2026/05/28 3:28 a.m.17 views

curl: CURLOPT_COOKIE leaked to cross-origin redirect target — CURLOPT_UNRESTRICTED_AUTH bypass for the STRING_COOKIE path

Summary: httpcookies at lib/http.c:2532-2534 appends the value of CURLOPTCOOKIE the cookie supplied via -b to outgoing Cookie: headers without invoking Curlauthallowedtohost. As a result, when CURLOPTFOLLOWLOCATION is enabled and the initial origin issues a cross-origin redirect open redirector,...

5.7CVSS6.7AI score0.01595EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References7
Hacker One
Hacker One
added 2026/05/22 3:13 a.m.9 views

curl: CVE-2026-9546: sending old referer

Summary: libcurl documents that CURLOPTREFERER can be set to NULL to disable the Referer header again, but doing so after a transfer does not clear the cached per-handle referer state. As a result, the next HTTP request on the same easy handle can still send the previous request's Referer: value ...

7.5CVSS5.9AI score0.00652EPSS
Exploits1
OSV
OSV
added 2026/05/21 10:6 a.m.7 views

CLSA-2026-1779358008 Fix CVE(s): CVE-2026-5773

SECURITY UPDATE: libcurl may reuse the wrong connection for SMBS transfers, leading to access of an unintended SMB share with the same credentials. - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS in lib/url.c by returning early from ConnectionExists when the requested...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
OSV
OSV
added 2026/05/21 10:3 a.m.12 views

CLSA-2026-1779357791 Fix CVE(s): CVE-2026-5773

SECURITY UPDATE: libcurl may reuse the wrong connection for SMBS transfers, leading to access of an unintended SMB share with the same credentials. - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS in lib/url.c by returning early from ConnectionExists when the requested...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/05/20 10:49 a.m.32 views

curl: CVE-2026-9079: stale proxy password leak

Product Product name: curl / libcurl Product link: https://github.com/curl/curl Suggested CWE: CWE-226: Sensitive Information in Resource Not Removed Before Reuse https://cwe.mitre.org/data/definitions/226.html; alternative CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...

9.8CVSS5.9AI score0.01064EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/20 6:19 a.m.8 views

CVE-2026-7168

A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authentication and then reuses the same handle for a second transfer with a different proxy host, libcurl incorrectly sends the Proxy-Authorization header intended for the first proxy to the second proxy...

5.3CVSS5.6AI score0.00471EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in curl

There is an authentication bypass vulnerability in libcurl version 8.0.0, particularly in the FTP connection reuse feature. This vulnerability can cause incorrect credentials to be used during subsequent transfers. Previously created connections are retained in a connection pool for reuse if they...

5.9CVSS6.6AI score0.01607EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in curl

A authentication bypass vulnerability exists in libcurl prior to v8.0.0. It reuses an previously established SSH connection, even though one SSH option has been modified, which should prevent such reuse. libcurl maintains a pool of previously used connections and can reuse them for subsequent...

7.7CVSS6.5AI score0.01162EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in curl

Due to the use of a dangling pointer, libcurl versions 7.29.0 through 7.71.1 can use the wrong connection when sending data...

7.5CVSS6.7AI score0.03721EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in curl

libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...

7.5CVSS6.6AI score0.02596EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in curl

When an application instructs libcurl to enable HTTP/2 server push, and the number of received headers for the push exceeds the maximum allowed limit 1000, libcurl abends the server push. During this process, libcurl inadvertently does not free all of the previously allocated headers; instead, it...

8.6CVSS6.6AI score0.36081EPSS
Exploits1References2
Rows per page
Query Builder