Lucene search
K

12 matches found

OSV
OSV
added 2026/01/27 12:0 a.m.5 views

ALSA-2026:1350 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 For more details about the security issues, including...

7.5CVSS5.4AI score0.01301EPSS
Exploits1References4
OSV
OSV
added 2026/01/22 2:32 p.m.8 views

CLSA-2026-1769092364 curl: Fix of CVE-2025-9086

CVE-2025-9086: cookie: don't treat the leading slash as trailing...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References1
OSV
OSV
added 2026/01/07 5:57 p.m.8 views

CLSA-2026-1767808644 curl: Fix of CVE-2025-9086

CVE-2025-9086: cookie: don't treat the leading slash as trailing...

7.5CVSS5.8AI score0.01301EPSS
Exploits1References1
Debian
Debian
added 2026/01/05 1:4 a.m.9 views

[SECURITY] [DLA 4432-1] curl security update

Debian LTS Advisory DLA-4432-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara January 04, 2026 https://wiki.debian.org/LTS Package : curl Version : 7.74.0-1.3+deb11u16 CVE ID : CVE-2025-9086 Debian Bug : A vulnerability was found in Curl, an easy-to-u...

7.5CVSS6.5AI score0.01301EPSS
Exploits1
Rockylinux
Rockylinux
added 2025/12/19 9:2 a.m.10 views

curl security update

An update is available for curl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The curl packages provide the libcurl library and the curl utility for downloadi...

7.5CVSS6.9AI score0.01301EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/12/11 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2025-2478)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01301EPSS
Exploits1References2
IBM AIX
IBM AIX
added 2025/12/10 4:31 p.m.10 views

AIX is vulnerable to a denial of service (CVE-2025-9086) due to cURL libcurl

IBM SECURITY ADVISORY First Issued: Wed Dec 10 16:31:39 CST 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory8.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2025-9086 due to cURL libcurl...

7.5CVSS6.3AI score0.01301EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/10 12:0 a.m.4 views

RHEL 9 : curl (RHSA-2025:23043)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23043 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP,...

7.5CVSS6.3AI score0.01301EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/19 12:0 a.m.3 views

SUSE SLED15: brotli / curl / libbrotli-devel / libbrotlicommon1 / etc (SUSE-SU-2025:03268-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03268-1 advisory. Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies c...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/09/12 8:8 p.m.1 views

CVE-2025-9086

1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path='/'. Since this site is not...

7.5CVSS6.3AI score0.01301EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2025/09/12 12:0 a.m.4 views

Mageia: Security Advisory (MGASA-2025-0232)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.01301EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/09/10 7:0 a.m.3 views

CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

7.5CVSS6.6AI score0.01301EPSS
Exploits1References3
Rows per page
Query Builder