Lucene search
K

2976 matches found

AlpineLinux
AlpineLinux
added 5 days ago5 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.00754EPSS
Exploits1References3
CVE
CVE
added 5 days ago17 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.00479EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.00479EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.00479EPSS
Exploits1References3
CVE
CVE
added 5 days ago19 views

CVE-2026-10536

CVE-2026-10536 describes a use-after-free in libcurl when an application builds an HTTP/2 stream-dependency tree with CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() and ends with curl_easy_cleanup(). During final cleanup libcurl may access/modify an internal structu...

9.8CVSS6AI score0.00631EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41497

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

6AI score0.00631EPSS
Exploits1References3
Cvelist
Cvelist
added 5 days ago54 views

CVE-2026-10536 HTTP/2 stream-dependency tree UAF

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

0.00631EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS6AI score0.00631EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free

The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...

9.8CVSS5.8AI score0.00631EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak

The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...

9.8CVSS5.8AI score0.00754EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 8.18.0 < 8.21.0 Persistent Referer Header Information Disclosure

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in libcurl caused the HTTP Referer header to persist even when explicitly cleared, potentially leaking sensitive information to...

7.5CVSS5.9AI score0.00492EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

libcurl 7.7 < 8.21.0 Incomplete mTLS Config Matching in Connection Reuse

The version of libcurl installed on the remote host is 7.7 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited...

7.5CVSS6.2AI score0.00281EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

libcurl 7.43.0 < 8.21.0 Wrong Negotiate Connection Reuse

The version of libcurl installed on the remote host is 7.43.0 prior to 8.21.0. It is, therefore, affected by an improper connection reuse vulnerability: - libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use...

6.5CVSS5.8AI score0.00421EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.25 views

libcurl 8.8.0 < 8.21.0 Stale Proxy Password Leak

The version of libcurl installed on the remote host is 8.8.0 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - libcurl had a flaw that when instructed to clear proxy authentication credentials, it did not do so, leaving the old credentials around to get used...

9.8CVSS5.9AI score0.00754EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

libcurl 7.69.0 < 8.21.0 SSH Improper Host Validation

The version of libcurl installed on the remote host is 7.69.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a libcurl-based application performs transfers via SCP or SFTP and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an...

7.4CVSS5.8AI score0.00384EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...

9.1CVSS5.8AI score0.00589EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 8.13.0 < 8.21.0 Use-After-Free in Socket Callback

The version of libcurl installed on the remote host is 8.13.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - Calling curleasypause within the event-based CURLMOPTSOCKETFUNCTION callback triggers a use-after-free vulnerability. CVE-2026-9080 Note that Nessus has n...

7.3CVSS5.8AI score0.00407EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.5 views

libcurl 8.17.0 < 8.21.0 Native CA Trust Persist

The version of libcurl installed on the remote host is 8.17.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches th...

9.1CVSS5.9AI score0.00479EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in curl

When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...

5.3CVSS6.7AI score0.00457EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.8AI score0.00492EPSS
Exploits1References3
Rows per page
Query Builder