368547 matches found

CVE | added 2 days ago | 15 views

CVE-2026-9079

CVE-2026-9079 concerns libcurl: when instructed to clear proxy authentication credentials, it failed to do so, leaving the old credentials in place and potentially reused in subsequent transfers that should not know or use them. The description across multiple sources consistently states this cre...

AI score: 6 | EPSS: 0.0025
Exploits: 0 | References: 3

CVE | added 2 days ago | 13 views

CVE-2026-8932

libcurl (client library) is affected by CVE-2026-8932 due to incomplete mTLS config matching in the connection reuse logic. The vulnerability arises because TLS settings related to client certificates, notably the private key, were omitted from the configuration match checks, allowing a previousl...

AI score: 6.2 | EPSS: 0.00129
Exploits: 0 | References: 3

CVE | added 2 days ago | 14 views

CVE-2026-8927

CVE-2026-8927 affects libcurl: when reusing a handle for sequential transfers driven by environment-variable proxies, the proxy authentication state is not cleared between requests, causing leakage of the Proxy-Authorization header from an initial proxy (proxyA) to a subsequent proxy (proxyB). Af...

AI score: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 3

CVE | added 2 days ago | 15 views

CVE-2026-8926

Curl 8.x is affected by CVE-2026-8926: when using a .netrc file to locate credentials and specifying a URL containing a username (without a password), curl could leak the password for another user configured in the same host’s .netrc file if there is no exact user match. The vulnerability concern...

AI score: 6 | EPSS: 0.00196
Exploits: 0 | References: 3

CVE | added 2 days ago | 11 views

CVE-2026-8925

The CVE-2026-8925 issue in curl is a SASL double-free where the GSASL context can be freed twice due to cleanup without clearing the pointer in between. This is specifically tied to curl’s SASL authentication path and can lead to a denial of service or arbitrary code execution in affected builds....

AI score: 5.9 | EPSS: 0.00248
Exploits: 0 | References: 3

CVE | added 2 days ago | 17 views

CVE-2026-8924

CVE-2026-8924 affects curl due to a flaw in its cookie parsing logic. A malicious HTTP server can set “super cookies” that bypass the Public Suffix List, allowing an attacker-controlled origin to inject cookies that curl scopes and transmits to unrelated third-party domains. The connected documen...

AI score: 6 | EPSS: 0.00219
Exploits: 0 | References: 3

CVE | added 2 days ago | 12 views

CVE-2026-8458

CVE-2026-8458 affects libcurl. A logical error can cause libcurl to reuse a connection to the same server that was authenticated under a different service when performing Negotiate-authenticated requests. The issue arises from libcurl’s connection pool reusing “recent connections” and failing to ensure mat...

AI score: 6 | EPSS: 0.00206
Exploits: 0 | References: 3

CVE | added 2 days ago | 19 views

CVE-2026-8286

CVE-2026-8286 concerns curl: a STARTTLS upgrade may reuse an existing live connection even when the TLS configuration does not match, indicating a flaw in how curl handles STARTTLS-based upgrades. Public references describe the issue consistently across multiple advisories (NVD, CVE list, OSV, Ub...

AI score: 5.9 | EPSS: 0.00196
Exploits: 0 | References: 3

CVE | added 2 days ago | 18 views

CVE-2026-12064

CVE-2026-12064 affects curl versions including 7.81.0 prior to 8.21.0. When using a schemeless URL with --proto-default for SFTP/SCP, the tool layer fails to initialize SSH host verification options (CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS) while libcurl proceeds with the c...

AI score: 6 | EPSS: 0.00208
Exploits: 0 | References: 3

CVE | added 2 days ago | 18 views

CVE-2026-11856

CVE-2026-11856 describes a cross-origin Digest authentication state leak in libcurl: when performing a first transfer to hostA with Digest auth and then reusing the same handle for a second transfer to hostB, libcurl may forward the Authorization header intended for hostA to hostB. The issue is d...

AI score: 6 | EPSS: 0.0025
Exploits: 0 | References: 3

CVE | added 2 days ago | 20 views

CVE-2026-11586

The CVE-2026-11586 issue affects curl’s WebSocket handling: curl auto-responds to PING frames and has no upper bound on memory allocation for unacknowledged frames, enabling memory exhaustion via rapid PING floods. Affected are curl versions prior to 8.21.0 (e.g., 8.16.0). Remediation: upgrade to...

AI score: 6 | EPSS: 0.00206
Exploits: 0 | References: 3

CVE | added 2 days ago | 14 views

CVE-2026-11564

CVE-2026-11564 affects libcurl where a handle using default native CA trust may later switch to custom CA material and continue trusting the platform store, due to keeping previously used connections in a pool for reuse. Public docs describe the issue for versions affected by libcurl 8.17.0 prior...

AI score: 6 | EPSS: 0.00196
Exploits: 0 | References: 3

CVE | added 2 days ago | 14 views

CVE-2026-11352

CVE-2026-11352 affects curl/libcurl. A bug in QUIC UDP receive handling discards zero-length UDP datagrams toward the per-call budget, allowing a connected HTTP/3 server to continuously stream empty datagrams and cause a remote denial of service on the client. The provided documents do not specif...

AI score: 6.7 | EPSS: 0.0028
Exploits: 0 | References: 3

CVE | added 2 days ago | 14 views

CVE-2026-10536

libcurl (HTTP/2) contains a use-after-free vulnerability. If an application builds an HTTP/2 stream-dependency tree using CURLOPT_STREAM_DEPENDS/…_E, then calls curl_easy_reset() and later curl_easy_cleanup(), libcurl may access/modify an internal structure that was freed during reset. This is a ...

AI score: 6 | EPSS: 0.00206
Exploits: 0 | References: 3

CVE | added 2 days ago | 10 views

CVE-2026-4967

CVE-2026-4967 describes a possible out-of-bounds read in IMS caused by a missing bounds check, which could lead to remote denial of service without extra privileges. The NVD and CVE records confirm the issue and provide a CVSSv3.1 base score of 7.5 (HIGH) with network attack vector and no u...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00403
Exploits: 0 | References: 1

CVE | added 2 days ago | 10 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00228
Exploits: 0 | References: 6

CVE | added 2 days ago | 12 views

CVE-2026-9180

MotoPress Appointment Booking for WordPress (versions up to 2.4.4) is vulnerable to an Authorization Bypass via a user-controlled booking_id. The REST endpoint POST /motopress/appointment/v1/bookings is registered with a permissive permission_callback (return_true), and createBooking() loads the...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00342
Exploits: 0 | References: 6

CVE | added 2 days ago | 13 views

CVE-2026-8892

CVE-2026-8892 affects the CM Business Directory plugin for WordPress (versions up to and including 1.5.7). The vulnerability is a Stored Cross-Site Scripting (XSS) via the Business Address Meta Fields, caused by insufficient input sanitization and output escaping. Authenticated attackers with con...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00212
Exploits: 0 | References: 7

CVE | added 2 days ago | 10 views

CVE-2026-11397

The CVE-2026-11397 entry concerns the WordPress plugin WP Import Export Lite (versions

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00235
Exploits: 0 | References: 6

CVE | added 2 days ago | 12 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

CVSS: 9.1 | AI score: 6.5 | EPSS: 0.00742
Exploits: 0 | References: 6