Lucene search
K

7 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00398EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in curl

When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...

5.3CVSS6.7AI score0.00457EPSS
Exploits1References3
OSV
OSV
added 2026/02/19 11:51 a.m.14 views

CLSA-2026-1771501913 curl: Fix of CVE-2025-15079

CVE-2025-15079: fix accepting hosts not present in the specified knownhosts during SSH-based SCP/SFTP transfers when global knownhosts contained them restrict host verification to the specified knownhosts file...

5.3CVSS6.6AI score0.00457EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/01/06 7:0 a.m.5 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6AI score0.00413EPSS
Exploits1References4
OSV
OSV
added 2026/01/06 7:0 a.m.4 views

UBUNTU-CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6AI score0.00413EPSS
Exploits1References5
Amazon
Amazon
added 2023/06/07 12:0 a.m.5 views

Medium: curl

Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...

9.8CVSS6.8AI score0.02195EPSS
Exploits6
Veracode
Veracode
added 2023/03/21 12:27 a.m.30 views

Path Traversal

curl is vulnerable to Path Traversal. The library supports SFTP transfers with a tilde character as the first path element to denote a path relative to the user's home directory. However, due to a bug, this can be used wrongly when used as a prefix in the first element...

8.8CVSS8.8AI score0.02195EPSS
Exploits1References8Affected Software3
Rows per page
Query Builder