25 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-15025

Malware in sbrugna...

CVSS 4.3, AI score 4.6, EPSS 0.00165
Exploits 1, References 16

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-47867

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.2, EPSS 0.0099
Exploits 1, References 4

Veracode
added 2024/07/30 9:26 a.m., 21 views

Out-of-Bounds Read

libcurl.so is vulnerable to an Out-of-Bounds Read. The vulnerability is due to a flaw in the URL API function curl_url_get when using the macidn IDN backend. It arises from the function filling the provided buffer exactly without null-terminating the string. Attackers can exploit this to read stack...

CVSS 4.3, AI score 6.5, EPSS 0.0099
Exploits 1, References 6, Affected Software 2

RedhatCVE
added 2024/07/25 6:41 a.m., 19 views

CVE-2024-6874

A buffer overread vulnerability was found in Curl's URL API function curl_url_get. This issue allows a remote attacker to obtain sensitive information due to a punycode buffer overread flaw. By sending a specially crafted request, an attacker can gain sensitive information and potentially launch...

CVSS 5.3, AI score 6.4, EPSS 0.0099
Exploits 1, References 6

NVD
added 2024/07/24 8:15 a.m., 32 views

CVE-2024-6874

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, EPSS 0.0099
Exploits 1, References 5

OSV
added 2024/07/24 8:15 a.m., 1 view

AZL-47020 CVE-2024-6874 affecting package curl for versions less than 8.8.0-1

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, AI score 7.3, EPSS 0.0099
Exploits 1, References 1

OSV
added 2024/07/24 8:15 a.m., 18 views

CVE-2024-6874

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, AI score 6.8, EPSS 0.0099
Exploits 1, References 5

OSV
added 2024/07/24 8:0 a.m., 20 views

CURL-CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, AI score 6.9, EPSS 0.0099
Exploits 1

Vulnrichment
added 2024/07/24 7:36 a.m., 22 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

AI score 6.5, EPSS 0.0099
Exploits 1, References 4

Debian CVE
added 2024/07/24 7:36 a.m., 30 views

CVE-2024-6874

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, AI score 7, EPSS 0.0099
Exploits 1

CVE
added 2024/07/24 7:36 a.m., 158 views

CVE-2024-6874

CVE-2024-6874 affects libcurl’s URL API function curl_url_get() when built with the macidn IDN backend. If the input name is exactly 256 bytes, the function may read past a stack-based buffer, and when the conversion fills the provided buffer, it does not null-terminate the string, potentially ca...

CVSS 4.3, AI score 6.6, EPSS 0.0099
Exploits 1, References 5, Affected Software 1

Cvelist
added 2024/07/24 7:36 a.m., 28 views

CVE-2024-6874 macidn punycode buffer overread

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

EPSS 0.0099
Exploits 1, References 4

Hacker One
added 2024/07/24 7:19 a.m., 10 views

Internet Bug Bounty: curl: stack-buffer overread during punycode conversions

The vulnerability in libcurl's URL API function curl_url_get was discovered, where it performed punycode conversions. When converting a 256-byte domain name, the function read outside of a stack-based buffer, potentially leaking adjacent stack memory as part of the converted string. The flaw was...

CVSS 4.3, AI score 4.4, EPSS 0.0099
Exploits 1

UbuntuCve
added 2024/07/24 12:0 a.m., 20 views

CVE-2024-6874

libcurl's URL API function curl_url_get offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

CVSS 4.3, AI score 6.9, EPSS 0.0099
Exploits 1, References 2

F5 Networks
added 2023/02/21 6:33 p.m., 41 views

K08125515: cURL vulnerability CVE-2019-5435

Security Advisory Description: An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. CVE-2019-5435. Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has evaluated th...

CVSS 4.3, AI score 5.2, EPSS 0.00165
Exploits 1

Hacker One
added 2021/10/06 3:23 p.m., 62 views

Fastify: 1-click DOS in fastify-static via directly passing user's input to new URL() of NodeJS without try/catch

Summary: When fastify-static is mounted at root and registered the option redirect: true (default of redirect option is false), the following line directly feeds user's input, which is req.raw.url, to URL API without try/catch: https://github.com/fastify/fastify-static/blob/master/index.js#L439. A remo...

CVSS 6.8, AI score 8.3, EPSS 0.00362
Exploits 1

NVD
added 2019/05/28 7:29 p.m., 17 views

CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

CVSS 4.3, AI score 6.5, EPSS 0.00165
Exploits 1, References 8

OSV
added 2019/05/28 7:29 p.m., 1 view

DEBIAN-CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

CVSS 3.7, AI score 5.2, EPSS 0.00165
Exploits 1, References 1

OSV
added 2019/05/28 7:29 p.m., 19 views

CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

CVSS 3.7, AI score 7.1, EPSS 0.00165
Exploits 1, References 8

Prion
added 2019/05/28 7:29 p.m., 23 views

Integer overflow

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1...

CVSS 4.3, AI score 5.9, EPSS 0.00165
Exploits 1, References 8, Affected Software 1