Lucene search
K

2976 matches found

Snyk
Snyk
added 5 days ago5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the process responsible for clearing proxy authentication credentials. An attacker can gain unauthorized access to sensitive proxy credentials by leveraging subsequent transfers that reuse stale authentication...

9.8CVSS6AI score0.00754EPSS
Exploits1References2
OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-9080

Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...

7.3CVSS5.9AI score0.00407EPSS
Exploits1References1
OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6AI score0.00754EPSS
Exploits1References1
OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00312EPSS
Exploits1References1
OSV
OSV
added 5 days ago2 views

ALPINE-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS6AI score0.00589EPSS
Exploits1References1
OSV
OSV
added 5 days ago3 views

ALPINE-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00492EPSS
Exploits1References1
OSV
OSV
added 5 days ago2 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 5 days ago4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00384EPSS
Exploits1References1
NVD
NVD
added 5 days ago6 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS0.00312EPSS
Exploits1References3
NVD
NVD
added 5 days ago6 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS0.00754EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS0.00492EPSS
Exploits1References3
NVD
NVD
added 5 days ago6 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS0.00384EPSS
Exploits1References3
OSV
OSV
added 5 days ago4 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00421EPSS
Exploits1References1
OSV
OSV
added 5 days ago2 views

ALPINE-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS6AI score0.00631EPSS
Exploits1References1
OSV
OSV
added 5 days ago5 views

ALPINE-CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.00754EPSS
Exploits1References1
NVD
NVD
added 5 days ago6 views

CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS0.00631EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS0.00754EPSS
Exploits1References3
NVD
NVD
added 5 days ago7 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS0.00479EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 5 days ago5 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00384EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00384EPSS
Exploits1References3
Rows per page
Query Builder