Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
HaxxCurl

17 matches found

CVE
CVEadded 2023/02/23 8:15 p.m.514 views

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl

6.5CVSS6.7AI score0.00051EPSS
CVE
CVEadded 2023/12/07 1:15 a.m.488 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl thatare then passed back to more origins than what is otherwise allowed orpossible. This allows a site to set cookies that then would get sent todifferent and unrelated sites and domains. It could do this by exploiting a mixed ...

6.5CVSS6.2AI score0.00432EPSS
CVE
CVEadded 2023/02/23 8:15 p.m.443 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl

6.5CVSS6.2AI score0.00052EPSS
CVE
CVEadded 2022/06/02 2:15 p.m.345 views

CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

6.5CVSS7.3AI score0.00647EPSS
CVE
CVEadded 2024/09/11 10:15 a.m.304 views

CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than ...

6.5CVSS6.6AI score0.00187EPSS
CVE
CVEadded 2021/08/05 9:15 p.m.301 views

CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and thecli...

6.5CVSS6.6AI score0.0021EPSS
CVE
CVEadded 2024/11/06 8:15 a.m.285 views

CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain mightoverwrite a parent domain's cache entry, making it end sooner or later thanotherwise intended. This affects curl using applications that enable HSTS and use URLs with theinsecure HTTP:// scheme and perform transfers with hosts lik...

6.5CVSS6.7AI score0.00473EPSS
CVE
CVEadded 2024/03/27 8:15 a.m.282 views

CVE-2024-2466

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate che...

6.5CVSS6.4AI score0.00098EPSS
CVE
CVEadded 2022/12/05 10:15 p.m.278 views

CVE-2022-35260

curl can be told to parse a .netrc file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a ...

6.5CVSS7.5AI score0.00244EPSS
CVE
CVEadded 2022/07/07 1:15 p.m.274 views

CVE-2022-32206

curl

6.5CVSS7.9AI score0.02535EPSS
CVE
CVEadded 2024/03/27 8:15 a.m.268 views

CVE-2024-2379

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

6.3CVSS7.1AI score0.00139EPSS
CVE
CVEadded 2017/10/05 1:29 a.m.153 views

CVE-2017-1000101

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a car...

6.5CVSS6.6AI score0.00911EPSS
CVE
CVEadded 2014/04/15 2:55 p.m.123 views

CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue t...

6.4CVSS6.3AI score0.02575EPSS
CVE
CVEadded 2015/06/22 7:59 p.m.97 views

CVE-2015-3237

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

6.4CVSS8.1AI score0.02529EPSS
CVE
CVEadded 2018/07/27 7:29 p.m.97 views

CVE-2017-2629

curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doe...

6.5CVSS6.5AI score0.00762EPSS
CVE
CVEadded 2013/07/31 1:20 p.m.86 views

CVE-2013-2174

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

6.8CVSS6.6AI score0.09235EPSS
CVE
CVEadded 2025/05/28 7:15 a.m.53 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.

6.5CVSS6.4AI score0.00018EPSS