Lucene search
K

1784 matches found

CVE
CVE
added 2026/03/11 10:9 a.m.56 views

CVE-2026-3805

CVE-2026-3805 describes a heap-use-after-free in curl’s SMB connection reuse. During needle-based connection reuse, curl sets req->path to point inside the connection-owned smbc->share memory. When the needle is freed, smbc->share is freed as well, but req->path on the easy handle rem...

7.5CVSS5.8AI score0.00715EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/11 10:9 a.m.5 views

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.2AI score0.00715EPSS
Exploits2
OSV
OSV
added 2026/03/11 8:0 a.m.6 views

CURL-CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS5.8AI score0.00715EPSS
Exploits2
curl security advisories
curl security advisories
added 2026/03/11 8:0 a.m.7 views

use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

7.5CVSS7.2AI score0.00715EPSS
Exploits2References1Affected Software2
FreeBSD
FreeBSD
added 2026/03/11 12:0 a.m.12 views

curl -- Multiple vulnerabilties

The curl project reports: use after free in SMB connection reuse wrong proxy connection reuse with credentials token leak with redirect and netrc bad reuse of HTTP Negotiate connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.4 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from the use of data pointers pointing to freed memory during repeated SMB requests, which may lead to memory corruption...

7.5CVSS7.1AI score0.00715EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/03/10 5:5 p.m.2 views

CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00447EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/10 5:5 p.m.31 views

CVE-2026-26128 Windows SMB Server Elevation of Privilege Vulnerability

...

7.8CVSS0.00447EPSS
Exploits1References1
CVE
CVE
added 2026/03/10 5:5 p.m.42 views

CVE-2026-26128

CVE-2026-26128 concerns an elevation-of-privilege flaw in Windows SMB Server caused by improper authentication. The vulnerability affects Windows SMB Server and is described in connected sources as allowing an authorized local attacker to obtain higher privileges. Evidence from the connected docu...

7.8CVSS5.8AI score0.00447EPSS
Exploits1References3Affected Software14
CVE
CVE
added 2026/03/10 5:4 p.m.35 views

CVE-2026-24294

CVE-2026-24294 affects Windows SMB Server. The core issue is improper authentication in the SMB component, enabling an authorized local attacker to elevate privileges. The CVE is rated high (CVSS 3.1 base 7.8) with local attack vector, low complexity, and no user interaction required, and the imp...

7.8CVSS5.8AI score0.02732EPSS
Exploits1References4Affected Software14
Cvelist
Cvelist
added 2026/03/10 5:4 p.m.28 views

CVE-2026-24294 Windows SMB Server Elevation of Privilege Vulnerability

...

7.8CVSS0.02732EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2026/03/10 3:20 p.m.6 views

USN-8059-8: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...

7.8CVSS7.1AI score0.23278EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2026/03/10 2:0 p.m.3 views

Windows SMB Server Elevation of Privilege Vulnerability

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.02732EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.3 views

PT-2026-24288

Name of the Vulnerable Software and Affected Versions Windows Server 2025 Description Improper authentication in the Windows SMB Server allows an authorized attacker to elevate privileges locally. The issue involves an NTLM reflection bypass where the core SMB component skips authentication check...

7.8CVSS7AI score0.02732EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.11 views

PT-2026-36050

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description An infinite loop in the SMB2 protocol dissector can lead to a denial of service. Recommendations Update Wireshark versions 4.6.0 through 4.6.4 to a...

7.8CVSS6AI score0.00206EPSS
Exploits23References102
Hacker One
Hacker One
added 2026/03/08 11:47 a.m.11 views

curl: Use-After-Free in SMB connection reuse (req->path dangling pointer after needle destruction)

Summary A heap-use-after-free occurs in smbsendopen at lib/smb.c when curl processes two SMB URLs targeting the same host. The function smbparseurlpath sets req-path as a non-owning pointer into smbc-share connection-owned memory. During connection reuse, the needle connection is freed via...

5.5AI score
Exploits0
Hacker One
Hacker One
added 2026/03/08 11:32 a.m.21 views

curl: CVE-2026-3805: use after free in SMB connection reuse

Summary A heap-use-after-free occurs in smbsendopen at lib/smb.c when curl processes two SMB URLs targeting the same host. The function smbparseurlpath sets req-path as a non-owning pointer into smbc-share connection-owned memory. During connection reuse, the needle connection is freed via...

7.5CVSS5.8AI score0.00715EPSS
Exploits2
Ubuntu
Ubuntu
added 2026/03/04 3:22 p.m.7 views

USN-8059-7: Linux kernel (AWS FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...

7.8CVSS6AI score0.23278EPSS
Exploits2
Hacker One
Hacker One
added 2026/03/04 7:25 a.m.13 views

curl: LM Challenge-Response Hash Always Sent in SMB Authentication

LM Challenge-Response Hash Always Sent in SMB Authentication Summary The curl SMB client unconditionally computes and sends both the legacy LAN Manager LM and NT challenge-response hashes during SMB session setup. The LM hash is cryptographically broken — it splits the password into two 7-charact...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.11 views

RHEL 9 : kernel-rt (RHSA-2026:3375)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3375 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

7.8CVSS7.3AI score0.00544EPSS
Exploits3References19
Rows per page
Query Builder