CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70 matches found

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2283)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to dox000D an Negotiate-authenticated HTTP or HTTPS request.x000D x000D...

6.5CVSS7.4AI score0.00073EPSS

Exploits2References4

Tenable Nessus•added 3 days ago•4 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

6.5CVSS7.4AI score0.00073EPSS

Exploits2References4

Tenable Nessus•added 3 days ago•5 views

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2200)

6.5CVSS7.4AI score0.00073EPSS

Exploits2References4

Tenable Nessus•added 6 days ago•5 views

EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2026-2097)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcur...

6.5CVSS5.6AI score0.00073EPSS

Exploits2References4

Tenable Nessus•added 6 days ago•5 views

EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-2072)

6.5CVSS5.6AI score0.00073EPSS

Exploits2References4

OSV•added 2026/05/29 1:33 p.m.•9 views

OESA-2026-2477 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If...

7.5CVSS5.8AI score0.00104EPSS

Exploits7References8

EUVD•added 2026/05/13 6:30 p.m.•8 views

EUVD-2026-29923

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.8AI score0.00036EPSS

Exploits1References4

NVD•added 2026/05/13 1:1 p.m.•6 views

CVE-2026-5545

6.5CVSS0.00036EPSS

Exploits1References3

OSV•added 2026/05/13 1:1 p.m.•2 views

ALPINE-CVE-2026-5545

6.5CVSS5.4AI score0.00036EPSS

Exploits1References1

CVE•added 2026/05/13 8:27 a.m.•17 views

CVE-2026-5545

CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...

6.5CVSS5.8AI score0.00036EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/13 8:27 a.m.•34 views

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

0.00036EPSS

Exploits1References3

Debian CVE•added 2026/05/13 8:27 a.m.•4 views

CVE-2026-5545

6.5CVSS5.8AI score0.00036EPSS

Exploits1

Vulnrichment•added 2026/05/13 8:27 a.m.•6 views

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

5.8AI score0.00036EPSS

Exploits1References3

CNNVD•added 2026/05/13 12:0 a.m.•6 views

libcurl 代码问题漏洞

libcurl is an open-source, free, and easy-to-use client URL transfer library for cURL. There are code vulnerabilities in libcurl, stemming from a logical error in connection reuse logic. This error may lead to the incorrect reuse of connections that use different credentials after Negotiate...

6.5CVSS5.9AI score0.00036EPSS

Exploits1References1

OSV•added 2026/05/06 12:13 p.m.•4 views

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00073EPSS

Exploits5References13

SUSE CVE•added 2026/05/06 1:42 a.m.•2 views

SUSE CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

5.3CVSS5.8AI score0.0007EPSS

Exploits0References2

OSV•added 2026/05/04 1:12 p.m.•2 views

JLSEC-2026-436

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7AI score0.00073EPSS

Exploits0References2