Lucene search
+L

33 matches found

AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
NVD
NVD
added 2026/05/13 1:1 p.m.9 views

CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS0.00291EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 1:1 p.m.13 views

ALPINE-CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.5AI score0.00291EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 8:28 a.m.98 views

CVE-2026-6276 stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

0.00291EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/13 8:28 a.m.27 views

EUVD-2026-29928

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:28 a.m.12 views

CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

5.8AI score0.00291EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/13 8:28 a.m.60 views

CVE-2026-6276

CVE-2026-6276 affects libcurl: if a custom Host header is initially set for an HTTP request and a subsequent request on the same easy handle is made without the Host header, the second request can reuse stale host information and leak cookies intended for the first host. The issue manifests as a ...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/13 8:28 a.m.1 views

CVE-2026-6276 stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS7.1AI score0.00291EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2026/05/13 8:28 a.m.10 views

CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/13 8:28 a.m.24 views

CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00291EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

libcurl 安全漏洞

libcurl is a free and easy-to-use client URL transfer library for cURL, which is open-source. There is a security vulnerability in libcurl, caused by improper handling of custom Host headers. This vulnerability may lead to the incorrect transmission of cookies from the first request during the...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 8:0 a.m.5 views

CURL-CVE-2026-6276 stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.3AI score0.00291EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/04/29 8:0 a.m.18 views

stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.2AI score0.00291EPSS
Exploits1References1Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/01 6:51 a.m.12 views

CVE-2026-34441

A flaw was found in cpp-httplib, a C++11 HTTP/HTTPS library. This vulnerability, known as HTTP Request Smuggling, allows a remote attacker to embed an arbitrary HTTP request within the body of a GET request. The server's static file handler fails to consume the entire request body, leaving unread...

6.5CVSS6AI score0.00196EPSS
Exploits1References2
OSV
OSV
added 2026/03/11 11:16 a.m.4 views

DEBIAN-CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.2AI score0.00715EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/11 10:9 a.m.27 views

CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

0.00715EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/11 10:9 a.m.3 views

CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

5.8AI score0.00715EPSS
Exploits2References3
OSV
OSV
added 2026/03/11 10:9 a.m.6 views

CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.1AI score0.00715EPSS
Exploits2References6
OSV
OSV
added 2026/03/11 8:0 a.m.8 views

CURL-CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.8AI score0.00715EPSS
Exploits2
curl security advisories
curl security advisories
added 2026/03/11 8:0 a.m.9 views

use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.2AI score0.00715EPSS
Exploits2References1Affected Software2
Rows per page
Query Builder