| Use-after-free in `curl_easy_duphandle()` with HTTP/2 stream-dependency tree |
Use After Free |
giant_anteater |
None |
2026-06-01 |
| Low priority HSTS bypass in curl_easy_duphandle() |
Information Exposure Through Sent Data |
ajohnston3825 |
Low |
2026-06-01 |
| Mentioned unites are at the same time .Then we have to increase the bounty. |
Forced Browsing |
karthiktp1810 |
None |
2026-06-01 |
| TLS conn reuse and session cache ignore fsslctx callback and ssl_config_data flags ( incomplete fix variant of 7541ae569 ) |
Insufficiently Protected Credentials |
fg0x0 |
High |
2026-06-01 |
| lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window |
Insufficiently Protected Credentials |
tpfeng |
Medium |
2026-06-01 |
| Heap-OOB read in urlapi `redirect_url()` via `CURLU_GUESS_SCHEME` + `CURLU_NO_GUESS_SCHEME` flow |
Buffer Over-read |
giant_anteater |
No rating |
2026-05-25 |
| curl GnuTLS backend accepts a clientAuth-only certificate for HTTPS server authentication |
Improper Certificate Validation |
jingzhou |
Medium |
2026-05-25 |
| curl --skip-existing has a TOCTOU race that lets a post-check symlink redirect the later download write |
Time-of-check Time-of-use (TOCTOU) Race Condition |
sdjasj |
Medium |
2026-05-20 |
| Credentials forwarded to HTTP after HTTPS→HTTP same-port redirect — url_set_data_creds uses scheme-blind comparator |
None supplied |
giant_anteater |
None |
2026-05-20 |
| HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB |
Allocation of Resources Without Limits or Throttling |
giant_anteater |
No rating |
2026-05-19 |
| Schannel custom-CA path skips Extended Key Usage enforcement |
Business Logic Errors |
giant_anteater |
No rating |
2026-05-19 |
| Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context to persist across transfers |
Incorrect Authorization |
7omoo |
None |
2026-05-19 |
| SSL session-cache peer key omits signature_algorithms: strict-sigalg handle silently resumes a permissive sibling's session |
Improper Certificate Validation |
hexproof |
No rating |
2026-05-19 |
| CURLOPT_PROXY_CAINFO_BLOB silently activates native CA store on Apple builds |
Business Logic Errors |
giant_anteater |
None |
2026-05-19 |
| TLS peer-verification bypass via mid-transfer ssl_config mutation |
Business Logic Errors |
giant_anteater |
No rating |
2026-05-19 |
| TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0 |
Business Logic Errors |
giant_anteater |
No rating |
2026-05-19 |
| HTTP/2 proxy CONNECT tunnel unbounded 1xx chain (missing Curl_bump_headersize cap in cf-h2-proxy.c) |
Allocation of Resources Without Limits or Throttling |
giant_anteater |
None |
2026-05-19 |
| CURLOPT_HSTS_CTRL disables shared HSTS without share guard — use-after-free and double-free |
Use After Free |
giant_anteater |
No rating |
2026-05-18 |
| cookie: case-insensitive path comparison in replace_existing() allows cookie eviction across distinct paths |
Business Logic Errors |
giant_anteater |
No rating |
2026-05-18 |
| libssh SFTP initialization ignores CURLOPT_TIMEOUT, hangs indefinitely |
Allocation of Resources Without Limits or Throttling |
giant_anteater |
No rating |
2026-05-18 |
| rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active |
Business Logic Errors |
giant_anteater |
No rating |
2026-05-18 |
| HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115 |
Cleartext Transmission of Sensitive Information |
giant_anteater |
Medium |
2026-05-18 |
| Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match |
Business Logic Errors |
giant_anteater |
None |
2026-05-17 |
| NULL pointer dereference in libcurl URL API redirect_url() with CURLU_DEFAULT_SCHEME |
NULL Pointer Dereference |
mulan_dh |
None |
2026-05-17 |
| Kerberos/SPNEGO Connection Reuse Vulnerability |
None supplied |
rootofpi_ramesh |
No rating |
2026-05-14 |
| mbedTLS private-key blob null-termination asymmetry in lib/vtls/mbedtls.c (mbed_load_privkey) |
Improper Null Termination |
shecantcode2 |
No rating |
2026-05-07 |
| wcurl treats some URL operands after -- as curl options |
Improper Neutralization of Value Delimiters |
p4p3r_hak |
Medium |
2026-05-06 |
| Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror |
Uncontrolled Resource Consumption |
ravindrasl2026 |
Low |
2026-05-05 |
| libcurl 8.20.0 incomplete fix for CVE-2026-7168: changing only CURLOPT_PROXYPORT leaks stale Proxy Digest auth to a different proxy |
None supplied |
codexxxx |
Medium |
2026-05-05 |
| MQTT CONNACK Packet Type Bypass leads to RCE via Malicious Broker |
ASI05: Unexpected Code Execution (RCE) |
orelbn7 |
Critical |
2026-05-05 |
| MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate |
Improper Input Validation |
fxv_ray_st |
Medium |
2026-04-29 |
| Use-After-Free in SMB connection reuse (req->path dangling pointer after needle destruction) |
Use After Free |
nadsec42 |
High |
2026-04-29 |
| Negotiate connection reuse with wrong credentials when using CURLAUTH_ANY |
Authentication Bypass by Primary Weakness |
anonymous_237 |
Medium |
2026-04-29 |
| Negotiate Authentication Premature on Connection Reuse |
Improper Authentication - Generic |
sdainard |
High |
2026-04-29 |
| CVE-2026-7168: cross-proxy Digest auth state leak |
Exposure of Data Element to Wrong Session |
xkilua |
Medium |
2026-04-29 |
| CVE-2026-7009: OCSP stapling bypass with Apple SecTrust |
Improper Certificate Validation |
3lcarry |
Medium |
2026-04-29 |
| CVE-2026-6253: proxy credentials leak over redirect-to proxy |
None supplied |
joesephdiver |
Medium |
2026-04-29 |
| CVE-2026-5545: wrong reuse of HTTP Negotiate connection |
Authentication Bypass by Primary Weakness |
quaccws |
Medium |
2026-04-29 |
| CVE-2026-6276: stale custom cookie host causes cookie leak |
Exposure of Data Element to Wrong Session |
arkss |
Low |
2026-04-29 |
| CVE-2026-6429: netrc credential leak with reused proxy connection |
Information Exposure Through Sent Data |
nobcoderr |
Medium |
2026-04-29 |
| CVE-2026-4873: connection reuse ignores TLS requirement |
Cleartext Transmission of Sensitive Information |
bonaire |
Low |
2026-04-29 |
| CVE-2026-5773: wrong reuse of SMB connection |
None supplied |
osama-hamad |
Low |
2026-04-29 |
| Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy |
Use After Free |
m1llie |
High |
2026-04-29 |
| Heap-buffer-overflow in `Curl_ssl_push_certinfo_len()` — sole bounds check is `DEBUGASSERT` |
Out-of-bounds Read |
h3zh3z |
High |
2026-04-29 |
| Stack exhaustion in MIME multipart reading with deeply nested subparts |
Uncontrolled Recursion |
wi110w |
Medium |
2026-04-29 |
| libcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms |
Information Disclosure |
valvelvel |
Medium |
2026-04-19 |
| Digest Auth State Leak on Cross-Origin Redirect via Netrc - Username and Password Hash Sent to Wrong Host |
Insufficiently Protected Credentials |
fg0x0 |
Medium |
2026-04-19 |
| libcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay |
Exposure of Data Element to Wrong Session |
skksndk |
Medium |
2026-04-18 |
| libcurl stale CURLOPT_AUTOREFERER leaks a previous request URL to a different origin on a reused easy handle |
Information Exposure Through Sent Data |
asdwe |
Low |
2026-04-17 |
| lib/http2.c: SSL connections accept non-HTTP push schemes (incomplete fix for 2e8c922a) |
Authentication Bypass by Primary Weakness |
hybirdss |
Medium |
2026-04-16 |
| Argument Injection via curl Short-Flag Grouping |
Command Injection - Generic |
midoussa7 |
Critical |
2026-04-13 |
| Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers |
Integer Overflow |
pwnpwn |
None |
2026-04-11 |
| libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire |
None supplied |
adityasunny_06 |
Medium |
2026-04-09 |
| no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list |
Improper Access Control - Generic |
mzfr |
No rating |
2026-04-07 |
| FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse |
None supplied |
mzfr |
No rating |
2026-04-07 |
| Improper enforcement of CURLOPT_SOCKS5_AUTH due to missing reuse key validation in libcurl |
Improper Authorization |
cutiapretaa |
Low |
2026-04-07 |
| # SCURLOPT_SSH_KNOWNHOSTS and host fingerprint pins are silently bypassed when an SSH connection is reused from the connection pool |
Exposed Dangerous Method or Function |
spiderchan26 |
No rating |
2026-04-06 |
| SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c) |
CRLF Injection |
divsz |
No rating |
2026-04-06 |
| ignoring 'options' when doing connection reuse |
Incorrect Comparison |
spichanlio76 |
No rating |
2026-04-05 |
| Data race in Curl_dnscache_add_negative() corrupts shared DNS cache — heap corruption and double-free when using CURLOPT_SHARE with CURL_LOCK_DATA_DNS |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
intrax |
Medium |
2026-04-04 |
| Internal application wrapper or script using curl |
Code Injection |
rougerseven7 |
Critical |
2026-04-03 |
| Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning |
Authentication Bypass by Primary Weakness |
intrax71 |
High |
2026-04-03 |
| Cookie attribute TAB injection regression in Set-Cookie parsing |
Improper Input Validation |
calaba_zas |
Low |
2026-04-03 |
| Bypassing Strict SSH Server Verification via Connection Pool Reuse in libcurl |
None supplied |
whitehat411 |
No rating |
2026-03-31 |
| Use-After-Free race condition in url_move_hostname() via shared connection pool |
Use After Free |
h3xb1tx |
Medium |
2026-03-31 |
| HackerOne Vulnerability Report: libcurl SSL/TLS Identity Leakage via Insecure Connection Reuse |
Authentication Bypass by Primary Weakness |
ankitsingh131225 |
No rating |
2026-03-31 |
| HTTP/2 PUSH_PROMISE header loss on OOM bypasses scheme validation (regression of 2e8c922a89) |
Improper Handling of Insufficient Permissions or Privileges |
m42kl33 |
Medium |
2026-03-31 |
| Unbounded GZIP Decompression Leading to Event-Loop Starvation |
Improper Handling of Highly Compressed Data (Data Amplification) |
ok3y |
Medium |
2026-03-31 |
| CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection |
CRLF Injection |
sakthi02_sk |
Medium |
2026-03-30 |
| HTTP/2 server push accepts a non-authoritative :scheme=https over cleartext h2c, enabling HTTPS cache-key poisoning |
Improper Input Validation |
argareksapatii |
High |
2026-03-29 |
| Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix |
None supplied |
wizard021 |
No rating |
2026-03-26 |
| Security Vulnerability Report: Protocol Injection via Programmatic Options |
CRLF Injection |
divyasingh_76 |
No rating |
2026-03-26 |
| HTTP/1.1 Response Desynchronization via conflicting CL/TE headers in Proxy CONNECT |
HTTP Request Smuggling |
3lcarry |
Low |
2026-03-25 |
| Function `do_pubkey()` can have out-of-bound read issue |
Out-of-bounds Read |
tynus |
None |
2026-03-25 |
| Exposed .git/config File Leading to Potential Sensitive Information Disclosure |
None supplied |
zoroo2 |
Low |
2026-03-20 |
| HSTS accepted from HTTP origin behind HTTPS proxy |
Acceptance of Extraneous Untrusted Data With Trusted Data |
lg_oled77c5pua |
No rating |
2026-03-17 |
| Unescaped username in SASL DIGEST-MD5 response allows injection |
Improper Neutralization of Escape, Meta, or Control Sequences |
am-perip |
Low |
2026-03-17 |
| SMB READ_ANDX DataOffset not validated |
None supplied |
tavro |
High |
2026-03-16 |
| Curl_compareheader() fails to match multi-value HTTP headers |
Expected Behavior Violation |
henriqueg |
Medium |
2026-03-12 |
| urlapi: off-by-one in custom scheme validation skips last character |
Off-by-one Error |
otiscui |
High |
2026-03-12 |
| NULL Pointer Dereference (DoS) in libcurl SFTP QUOTE command parsing due to missing return statement |
NULL Pointer Dereference |
m777m0 |
Medium |
2026-03-11 |
| CVE-2026-3805: use after free in SMB connection reuse |
Use After Free |
rat5ak |
Medium |
2026-03-11 |
| CVE-2026-3784: wrong proxy connection reuse with credentials |
Incorrect Authorization |
xaksaskookqdo |
Low |
2026-03-11 |
| CVE-2026-3783: token leak with redirect and netrc |
Information Exposure Through Sent Data |
spectreglobalsec |
Medium |
2026-03-11 |
| Connection Reuse Ignores OAuth Bearer Token Mismatch |
Improper Authentication - Generic |
sabari_n |
Medium |
2026-03-10 |
| CURLOPT_UNRESTRICTED_AUTH Dangerous Default Documentation Gap |
Information Disclosure |
sabari_n |
Low |
2026-03-10 |
| LM Challenge-Response Hash Always Sent in SMB Authentication |
Reversible One-Way Hash |
brewm4ster |
Medium |
2026-03-09 |
| In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure. |
Improper Neutralization of Value Delimiters |
y_security |
Medium |
2026-03-08 |
| SSTI leads to Command injection |
Command Injection - Generic |
errorbehavior200 |
None |
2026-03-04 |
| Use after free in hyperfifo example |
Use After Free |
deepbluev7 |
None |
2026-03-03 |
| Integer Overflow in curl_multi_get_handles() Leading to Heap Buffer Overflow |
Classic Buffer Overflow |
knickers |
Medium |
2026-02-26 |
| RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload) |
Improper Check or Handling of Exceptional Conditions |
davkor |
None |
2026-02-26 |
| Able to bypass HSTS using trailing dot |
Missing Required Cryptographic Step |
shan_nandi |
Medium |
2026-02-26 |
| Curl Telnet Handler Buffer Overflow |
Buffer Underflow |
pelioro |
None |
2026-02-26 |
| MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length |
None supplied |
pajarori |
Low |
2026-02-05 |
| wcurl Argument Injection via Unquoted Variable |
Command Injection - Generic |
playerofficial19 |
Medium |
2026-01-26 |
| Integer Underflow in src/var.c |
Integer Underflow |
f_i_h |
Medium |
2026-01-26 |
| Cross‑origin cookies leak and injection risk when using a custom Host header |
Insufficiently Protected Credentials |
b4c90000040c1287364ccde6de680 |
No rating |
2026-01-20 |
| SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends |
Missing Required Cryptographic Step |
foobar4213 |
Medium |
2026-01-20 |
| Cookie Replacement Use-After-Free Vulnerability |
Use After Free |
bhaskar_ram |
None |
2026-01-19 |
| Cookie Max-Age Integer Overflow Vulnerability |
Integer Overflow |
bhaskar_ram |
Critical |
2026-01-19 |
| libcurl: Improper Authentication State Management on Cross-Protocol Redirects |
Insufficiently Protected Credentials |
andrewml |
Low |
2026-01-17 |
| IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing |
Improper Input Validation |
shiftj |
Low |
2026-01-14 |
| Integer-underflow leads to heap over-read in TFTP implementation |
Buffer Over-read |
z2_ |
Low |
2026-01-14 |
| Digest Authentication Header Injection |
HTTP Response Splitting |
andrew-bbp |
Low |
2026-01-14 |
| Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth) |
Information Exposure Through Directory Listing |
sawhack100 |
Critical |
2026-01-14 |
| Gopher Protocol Command Injection (SSRF Smuggling) |
Server-Side Request Forgery (SSRF) |
andrew-bbp |
High |
2026-01-14 |
| Use-After-Free in curl_easy_nextheader when reusing header handle across requests |
Use After Free |
adce626q |
No rating |
2026-01-14 |
| MQTT: unsigned integer underflow bypasses MAX_MQTT_MESSAGE_SIZE check |
None supplied |
0xshakib0x04 |
No rating |
2026-01-13 |
| integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit |
Integer Overflow |
gudyuu |
High |
2026-01-13 |
| Heap Out-of-Bounds Read in lib/http2.c via Malformed PUSH_PROMISE Headers |
Out-of-bounds Read |
darksql |
High |
2026-01-10 |
| CRLF Injection in HTTP header values allows arbitrary header injection |
CRLF Injection |
unknowperson0212 |
None |
2026-01-10 |
| State Isolation Failure in Multiplexed Connections (Shared Auth Context) |
Exposure of Data Element to Wrong Session |
raulvdv |
Critical |
2026-01-08 |
| Stack Buffer Overflow in mprintf.c formatting function (fallback path) |
Classic Buffer Overflow |
ankitsingh015 |
High |
2026-01-08 |
| inconsistently Rejection Logic in file:// URLs with Authority |
Path Traversal |
unknowperson0212 |
Low |
2026-01-08 |
| CVE-2025-14524: bearer token leak on cross-protocol redirect |
Insufficiently Protected Credentials |
anonymous_237 |
Low |
2026-01-07 |
| CVE-2025-15079: libssh global knownhost override |
Improper Validation of Certificate with Host Mismatch |
nyymi |
Low |
2026-01-07 |
| CVE-2025-15224: libssh key passphrase bypass without agent set |
None supplied |
nyymi |
Low |
2026-01-07 |
| MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait |
Uncontrolled Resource Consumption |
gaurav_7777 |
Low |
2026-01-06 |
| Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access |
Path Traversal |
7hackerstar |
High |
2026-01-04 |
| Alt-Svc bypasses credential leak protection (CVE-2018-1000007) |
Information Exposure Through Sent Data |
amik_f |
High |
2026-01-04 |
| PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw |
Business Logic Errors |
huntsd |
High |
2026-01-02 |
| HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers |
HTTP Request Smuggling |
n12d11n |
High |
2026-01-02 |
| CRLF Injection in Gopher Protocol (`lib/gopher.c`) |
CRLF Injection |
gaurav0212 |
Medium |
2026-01-02 |
| MQTT Protocol Violation & Integer Overflow in libcurl |
Integer Overflow |
ssyyaa |
High |
2026-01-01 |
| A quiet New Year wish for security researchers |
None supplied |
ltl_professor |
None |
2026-01-01 |
| HTTP/2 and HTTP/3 Header Injection in curl |
HTTP Response Splitting |
cyberguardianrd |
No rating |
2025-12-30 |
| Proxy-Authorization header is leaked to origin server after redirect from proxied to direct connection |
Information Exposure Through Sent Data |
yupiy |
High |
2025-12-30 |
| SMTP CRLF Injection & Protocol Desynchronization in libcurl |
CRLF Injection |
ltl_professor |
Medium |
2025-12-29 |
| Telnet Suboption Buffer Pointer Underflow in lib/telnet.c leads to Out-of-Bounds Read |
Buffer Under-read |
stif |
Low |
2025-12-29 |
| Cross‑Layer State Confusion in libcurl: Credential & Key‑Material Persistence Across Redirect / Connection Reuse Boundaries |
Violation of Secure Design Principles |
onevone |
Critical |
2025-12-28 |
| WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers |
Business Logic Errors |
efrsxcv |
Medium |
2025-12-28 |
| Heap Buffer Over-read in lib/http2.c (on_header) handling PUSH_PROMISE frames |
Buffer Over-read |
efrsxcv |
High |
2025-12-28 |
| CRLF Injection / Protocol Smuggling in libcurl via CURLOPT_USERNAME (IMAP) |
CRLF Injection |
efrsxcv |
Critical |
2025-12-28 |
| HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion |
CRLF Injection |
0x0000nosfu |
Critical |
2025-12-27 |
| Security hardening: missing integer overflow check in curl_load_library() |
Integer Overflow |
y_security |
Low |
2025-12-27 |
| Protocol Smuggling / CRLF Injection via Gopher Protocol allows Arbitrary Command Injection |
CRLF Injection |
0x0000nosfu |
High |
2025-12-25 |
| Integer Overflow in `curl_easy_escape()` may lead to heap buffer overflow and stack memory disclosure on 32-bit platforms |
Integer Overflow |
vovohelo |
Low |
2025-12-25 |
| Public-suffix cookie injection when libpsl is disabled |
None supplied |
pwnie |
No rating |
2025-12-25 |
| Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response |
Out-of-bounds Read |
strokep |
Medium |
2025-12-25 |
| HAProxy Connection Reuse leads to IP Spoofing and mTLS Context Smuggling |
Improper Access Control - Generic |
anonymous_237 |
High |
2025-12-23 |
| libcurl WebSocket handshake accepts any Sec-WebSocket-Accept |
None supplied |
pwnie |
No rating |
2025-12-23 |
| Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes |
Improper Input Validation |
herdiyanitdev |
Low |
2025-12-21 |
| A logic error in detect_proxy caused truncation of environment variable names for long protocol schemes. |
Business Logic Errors |
herdiyanitdev |
Low |
2025-12-21 |
| Unbounded memory consumption via compressed HTTP responses (gzip/brotli/zstd) |
Uncontrolled Resource Consumption |
gaurav0212 |
Medium |
2025-12-21 |
| Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response |
Out-of-bounds Read |
strokep |
High |
2025-12-20 |
| File URL UNC Path Access (Windows SSRF) |
None supplied |
im4x |
High |
2025-12-18 |
| Certificate Pinning Bypass with wolfSSL backend over HTTP/3 |
Improper Certificate Validation |
anonymous_237 |
Medium |
2025-12-17 |
| Heap buffer overflow in Curl_ipv4_resolve_r due to incorrect buffer alignment and size calculation on AmigaOS |
None supplied |
badrodin22 |
No rating |
2025-12-17 |
| Heap Overflow in cURL AmigaOS Socket Implementation |
Heap Overflow |
the-pink-panther |
Medium |
2025-12-16 |
| Curl Alt-Svc Parser Stack Buffer Overflow |
Stack Overflow |
the-pink-panther |
Medium |
2025-12-16 |
| Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization |
Path Traversal |
ba5 |
High |
2025-12-15 |
| testing hackerone functions |
Improper Restriction of Authentication Attempts |
qqqqqqqqqqqqqqqq |
None |
2025-12-13 |
| Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization |
Uncontrolled Resource Consumption |
sy2n0 |
High |
2025-12-13 |
| Buffer Overflow in cURL Internal printf Function |
Stack Overflow |
mlgzackfly |
Critical |
2025-12-12 |
| Terminal Output Not Great |
Improper Neutralization of Escape, Meta, or Control Sequences |
kelsier |
Low |
2025-12-11 |
| Certificate Hostname Validation Bypass via Leading Dot in Hostname |
Improper Certificate Validation |
4bccc |
Medium |
2025-12-09 |
| Stack Buffer Overflow in cURL wolfSSL Backend (lib/vtls/wolfssl.c) |
Stack Overflow |
lm3alm |
No rating |
2025-12-09 |
| curl built with GnuTLS backend defaults to weak crypto parameters |
Inadequate Encryption Strength |
nyymi |
None |
2025-12-08 |
| Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle |
Use After Free |
rootx1337 |
High |
2025-12-05 |
| SMTP Protocol Injection via CRLF in CURLOPT_MAIL_FROM leading to Email Spoofing |
CRLF Injection |
anonymous_237 |
No rating |
2025-12-04 |
| Path Traversal in file:// protocol allows Arbitrary File Read |
Path Traversal |
qss |
High |
2025-12-01 |
| Heap Buffer Overflow in TFTP |
Heap Overflow |
helspy |
Critical |
2025-12-01 |
| Infinite loop issue in the state machine of the curl project |
None supplied |
kak1 |
No rating |
2025-11-26 |
| runs javascript on powershell when it shouldnt |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
lim_e |
No rating |
2025-11-26 |
| [SFTP] TOCTOU Race Condition in Upload Resume Logic Leads to Arbitrary File Append |
Time-of-check Time-of-use (TOCTOU) Race Condition |
cainvsilf |
Medium |
2025-11-24 |
| Arbitrary free in curl's config file parsing. |
None supplied |
letshack9707 |
Low |
2025-11-23 |
| Out-of-bounds read in HTTP method handling causes undefined behavior and potential crash This is sharp, Gaurav. We’ve got a real memory-safety bug ins |
Buffer Over-read |
gaurav_7777 |
High |
2025-11-20 |
| Double free in tool_ssls_load() |
Double Free |
xkernel |
No rating |
2025-11-18 |
| Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash |
None supplied |
xkernel |
No rating |
2025-11-16 |
| Incorrect sizeof() in Rustls Backend Memory Allocation |
Incorrect Calculation of Buffer Size |
pelioro |
Low |
2025-11-15 |
| Off-by-One Buffer Overflow in SMB Path Handler |
Off-by-one Error |
pelioro |
Medium |
2025-11-15 |
| Malicious server forces .curlrc creation via curl -OJ leading to local file exfiltration |
None supplied |
djogho |
No rating |
2025-11-15 |
| libcurl FTP path normalization flaw allows decoded %2e%2e → CWD .. and directory escape (Path Traversal, CWE-22) |
Path Traversal |
ahn0x |
High |
2025-11-11 |
| Hash exposed in public repository |
Exposed Dangerous Method or Function |
skymander |
None |
2025-11-11 |
| Command Injection - CRITICISM |
Command Injection - Generic |
tomar-re |
No rating |
2025-11-11 |
| Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM |
Improper Certificate Validation |
rootsecret3 |
Critical |
2025-11-11 |
| Arbitrary Configuration File Inclusion: via External Control of File Name or Path |
External Control of File Name or Path |
rootsecret3 |
Critical |
2025-11-10 |
| SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters |
None supplied |
haider790h |
Critical |
2025-11-10 |
| libcurl MQTT `CURLOPT_POSTFIELDSIZE_LARGE` overflow leads to immediate DoS |
Integer Overflow |
jiyong |
Medium |
2025-11-10 |
| Unsafe use of strcpy in Curl_ldap_err2string (packages/OS400/os400sys.c) — stack-buffer-overflow (PoC + ASan) |
Classic Buffer Overflow |
biswarup_das |
Medium |
2025-11-10 |
| SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT |
CRLF Injection |
bau1u |
Medium |
2025-11-10 |
| CVE-2025-10966: missing SFTP host verification with wolfSSH |
Improper Certificate Validation |
giant_anteater |
Low |
2025-11-05 |
| HackerOne |
Array Index Underflow |
hackerpllim |
None |
2025-11-03 |
| Hi Hacker |
Business Logic Errors |
hackerpllim |
None |
2025-11-03 |
| Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing |
Path Traversal |
oliverkremer |
Medium |
2025-11-01 |
| Buffer over-read,, Missing NUL termination in addvariable() causes undefined behavior |
Buffer Over-read |
sagorhawlader |
No rating |
2025-10-31 |
| SOCKS5 Heap Buffer Overflow via Malicious HTTP Redirect with Oversized Hostname |
Heap Overflow |
abdullah-107 |
Medium |
2025-10-31 |
| Logical Flaw in curl_url_set Leads to Inconsistent Query Parameter Encoding |
Improper Input Validation |
exploitguru101 |
Medium |
2025-10-29 |
| Memory leak in Curl_auth_create_ntlm_type3_message |
Uncontrolled Resource Consumption |
tjbecker_theori |
Low |
2025-10-28 |
| curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches |
Cleartext Storage of Sensitive Information |
geeknik |
Medium |
2025-10-28 |
| libcurl MQTT PUBLISH length overflow (heap overflow) |
Heap Overflow |
max_from_secmate |
Low |
2025-10-28 |
| Cookie exposure due to unexpected file permission change |
File and Directory Information Exposure |
nyymi |
Medium |
2025-10-27 |
| CURLX_SET_BINMODE(NULL) can call fileno(NULL) and cause undefined behavior / crash |
None supplied |
sippysir |
High |
2025-10-27 |
| Integer Overflow to Heap Overflow in DoH Response Handling |
Heap Overflow |
asdkjhasldkjahslfdkjfa |
No rating |
2025-10-25 |
| Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization |
None supplied |
idris_0x |
High |
2025-10-22 |
| Use of Deprecated strcpy() with Fixed-Size Buffers in Progress Time Formatting |
None supplied |
idris_0x |
Medium |
2025-10-22 |
| Buffer Overflow in WebSocket Handshake (lib/ws.c:1287) |
Classic Buffer Overflow |
aybanda |
High |
2025-10-21 |
| SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix |
CRLF Injection |
spolu-dust |
No rating |
2025-10-17 |
| Missing enforcement of SFTP quote syntax can lead to operation on wrong object |
Improper Validation of Syntactic Correctness of Input |
nyymi |
No rating |
2025-10-12 |
| Apple SecTrust legacy path accepts untrusted certificates on pre-10.14 macOS/iOS when built with USE_APPLE_SECTRUST |
Improper Certificate Validation |
giant_anteater |
High |
2025-10-09 |
| OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients) |
Uncontrolled Resource Consumption |
giant_anteater |
Low |
2025-10-08 |
| Unsanitized IPFS CID Allows SSRF Against Configured Gateway |
Server-Side Request Forgery (SSRF) |
donutshunter |
Medium |
2025-10-03 |
| AWS SigV4 Signature Disclosure via Verbose Logging in libcurl |
Information Disclosure |
leftyha |
No rating |
2025-10-01 |
| Use-after-free when POST body buffer is freed before transfer |
Use After Free |
giant_anteater |
Medium |
2025-09-26 |
| SMTP Command Injection Vulnerabilities in curl |
Command Injection - Generic |
giant_anteater |
No rating |
2025-09-26 |
| Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass |
Improper Input Validation |
z3r0yu |
Low |
2025-09-26 |
| Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
giant_anteater |
Medium |
2025-09-26 |
| Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison |
Information Exposure Through Timing Discrepancy |
frizo_05 |
Medium |
2025-09-18 |
| Security Analysis Report: CURL Integer Overflow Vulnerability |
Integer Overflow |
mohiq |
No rating |
2025-09-18 |
| int overflow in krb5_read_data() leads to (possible) massive `recv()` write |
Integer Overflow |
smiliesandco |
Low |
2025-09-18 |
| Stack Buffer Overflow in cURL Cookie Parsing Leads to RCE |
Stack Overflow |
batuhanilgarr |
High |
2025-09-16 |
| Multiple Unsafe strcpy() Function Calls Leading to Potential Buffer Overflow Vulnerabilities in cURL 8.16.1-DEV |
Classic Buffer Overflow |
anony_gaku |
High |
2025-09-14 |
| TOCTOU Race Condition in HTTP/2 Connection Reuse Leads to Certificate Validation Bypass |
Time-of-check Time-of-use (TOCTOU) Race Condition |
0xrey |
High |
2025-09-11 |
| CVE-2025-9086: Out of bounds read for cookie path |
Buffer Over-read |
bigsleep |
Low |
2025-09-10 |
| CVE-2025-10148: predictable WebSocket mask |
Reusing a Nonce, Key Pair in Encryption |
cruocco |
Low |
2025-09-10 |
| Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure) |
Information Disclosure |
mohmed_shoukry |
Medium |
2025-09-09 |
| libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms |
None supplied |
g3nj1z |
No rating |
2025-09-04 |
| Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding |
Out-of-bounds Read |
reporascal_1 |
None |
2025-09-04 |
| Incorrect Parsing of IPv6 Zone ID in curl |
Authentication Bypass by Primary Weakness |
9vvert |
High |
2025-09-01 |
| Missing Security Headers |
None supplied |
balajidev |
Medium |
2025-08-22 |
| curl leaks destination IP via glibc getaddrinfo() UDP connect, bypassing SOCKS5/Tor |
Information Disclosure |
robert_min1 |
No rating |
2025-08-20 |
| Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO |
Buffer Over-read |
irene1hacker |
Medium |
2025-08-20 |
| WebSocket Fragmentation DoS on Curl Client |
Uncontrolled Resource Consumption |
pelioro |
High |
2025-08-19 |
| ## Title Heap Use-After-Free Vulnerability in `curl` Leading to Potential Code Execution |
Use After Free |
irene1hacker |
Medium |
2025-08-18 |
| Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c |
LLM05: Supply Chain Vulnerabilities |
ks_karem77 |
Medium |
2025-08-12 |
| Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information) |
Cleartext Transmission of Sensitive Information |
spectre-1 |
High |
2025-08-12 |
| Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20) |
Improper Input Validation |
spectre-1 |
High |
2025-08-12 |
| Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321) |
Use of Hard-coded Cryptographic Key |
spectre-1 |
Critical |
2025-08-12 |
| Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `--engine` option |
Code Injection |
z1andr4g0n |
Critical |
2025-08-10 |
| Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE |
Relative Path Traversal |
z1andr4g0n |
Critical |
2025-08-10 |
| Vulnerability Report: Local File Disclosure via file:// Protocol in cURL |
Path Traversal |
ahmedqc1 |
Medium |
2025-08-10 |
| Heap Buffer Overflow in Curl_memdup0() via CURLOPT_COPYPOSTFIELDS/CURLOPT_POSTFIELDSIZE Mismatch |
Buffer Over-read |
geeknik |
High |
2025-08-09 |
| Use After Free (that leads to arbitrary Write for some versions) |
Use After Free |
letshack9707 |
No rating |
2025-08-06 |
| Integer Overflow in schannel.c TLS Data Transmission |
Integer Overflow |
kakorrhaphiophobia |
Medium |
2025-08-02 |
| Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS |
Use After Free |
geeknik |
High |
2025-07-31 |
| OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR |
Use After Free |
nyymi |
No rating |
2025-07-28 |
| Vulnerability Report: Public Exposure of Security Audit File |
Information Disclosure |
cyph3r_nitro |
Medium |
2025-07-27 |
| Security check up |
Allocation of Resources Without Limits or Throttling |
ejejohn |
Low |
2025-07-24 |
| Use after free (or assert triggered) with failed allocations in openssl |
Use After Free |
catenacyber |
No rating |
2025-07-24 |
| Exposure of Private RSA Private Key in curl GitHub Repository |
Insecure Storage of Sensitive Information |
ahmedf_f |
No rating |
2025-07-23 |
| GnuTLS CURLINFO_TLS_SESSION / CURLINFO_TLS_SSL_PTR type confusion |
Type Confusion |
nyymi |
No rating |
2025-07-23 |
| on the implications of permitting procedural culling |
Use of Insufficiently Random Values |
lyb_unaffiliated |
Low |
2025-07-22 |
| curl ASSERTs when accessing an LDAP URL |
Business Logic Errors |
cmeister2 |
No rating |
2025-07-22 |
| Disk Space Exhaustion leading to a Denial of Service (DoS) |
LLM04: Model Denial of Service |
hadesguy |
Medium |
2025-07-14 |
| Uncontrolled File Write/Arbitrary File Creation |
Code Injection |
hadesguy |
High |
2025-07-13 |
| HTTP Request Smuggling Vulnerability Analysis - cURL Security Report |
HTTP Request Smuggling |
youssef111 |
Medium |
2025-07-13 |
| Default Minimum TLS Version Set to TLS v1.0 (Cryptographic Weakness) |
Use of a Broken or Risky Cryptographic Algorithm |
monkey_dee |
Medium |
2025-07-10 |
| Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl |
Use After Free |
brobagazzzx |
High |
2025-07-09 |
| Arbitrary File Read via file:// Protocol in cURL |
Path Traversal |
mrtufan |
Critical |
2025-07-09 |
| access notes without permission |
Information Disclosure |
haydradz |
None |
2025-07-08 |
| Disclosure of email addresses |
Information Disclosure |
haydradz |
None |
2025-07-08 |
| curl --continue-at confusion |
Business Logic Errors |
nyymi |
Medium |
2025-07-07 |
| Information Disclosure at : https://curl.se/.mailmap |
Information Disclosure |
haithamzakaria |
High |
2025-07-07 |
| information disclosure |
None supplied |
rono_07 |
None |
2025-07-07 |
| netrc crlf injection |
CRLF Injection |
nyymi |
No rating |
2025-07-07 |
| curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection |
CRLF Injection |
mdakh404 |
No rating |
2025-07-07 |
| Arbitrary File Deletion Vulnerability in curl Source Code via os.unlink() |
Improper Input Validation |
aadityaathehacker |
High |
2025-07-07 |
| -H with space prefix leads to previous header injection when used with --proxy |
Improper Check or Handling of Exceptional Conditions |
spongebhav |
Medium |
2025-07-07 |
| OS Command Injection (subprocess Module Usage) |
OS Command Injection |
bulter |
Low |
2025-07-07 |
| Git repository found |
Information Disclosure |
tefa_ |
High |
2025-07-07 |
| Integer Overflow Risk in HTTP/2 Proxy Window Size Calculations |
Integer Overflow |
rbxcoolkidd |
Medium |
2025-07-07 |
| TLS Cipher Misconfiguration in HTTP/3/QUIC Support |
None supplied |
zzq1015 |
No rating |
2025-07-06 |
| CRLF injection in libcurl's SMTP client via --mail-from and --mail-rcpt allows SMTP command smuggling |
CRLF Injection |
skrcprst |
Medium |
2025-07-03 |
| curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments |
Cleartext Transmission of Sensitive Information |
stogusho |
Medium |
2025-07-03 |
| Elevation of Privileges (EoP) vulnerabilities related to the some easy_options on Windows |
Privilege Escalation |
justlikebono_official |
High |
2025-07-03 |
| Authorization Header Leak via --location-trusted in Curl |
Information Exposure Through Sent Data |
voggerloops |
High |
2025-07-03 |
| Memory leak of ftp (with proxy reuse) |
None supplied |
catenacyber |
None |
2025-07-01 |
| HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling |
Improper Access Control - Generic |
alphox |
High |
2025-07-01 |
| Speculative Execution Side-Channel in `curl` |
Authentication Bypass by Primary Weakness |
evilginx29 |
Medium |
2025-07-01 |
| arbitrary file read via `file://` path traversal with `--path-as-is` |
Path Traversal |
demsese |
Medium |
2025-07-01 |
| Heap buffer overflow vulnerability in conncache.c: incorrect use of pointer arrays resulting in out-of-bounds memory writes. |
Heap Overflow |
freak_coding |
Medium |
2025-07-01 |
| curl -OJ allows creating custom .curlrc file which allows exfiltrating private data, among other things |
None supplied |
wolfsage |
None |
2025-07-01 |
| curl_easy_header runs at O(N) or worse and can be abused to use minute(s) of CPU time |
Uncontrolled Resource Consumption |
wolfsage |
No rating |
2025-07-01 |
| [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check) |
Reliance on Untrusted Inputs in a Security Decision |
oicus |
High |
2025-06-30 |
| [High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `--output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) |
Path Traversal |
oicus |
High |
2025-06-30 |
| Potential XSS vector in curl via unsanitized URL parameter handling |
Code Injection |
redfoxsec |
High |
2025-06-30 |
| Double free caused by mqtt_doing() |
Double Free |
tdp3kel9g |
None |
2025-06-30 |
| Buffer Overflow in curl's Rustls Backend |
Integer Overflow |
cyberguardianrd |
No rating |
2025-06-30 |
| Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling |
Stack Overflow |
0xagent0 |
High |
2025-06-30 |
| Heap Buffer Overflow in libcurl curl_slist_append via Unterminated String |
Heap Overflow |
geeknik |
High |
2025-06-30 |
| Memory leak from doh_write_cb |
Allocation of Resources Without Limits or Throttling |
catenacyber |
None |
2025-06-29 |
| HTTP/2 CONTINUATION Flood Vulnerability |
Allocation of Resources Without Limits or Throttling |
evilginx29 |
High |
2025-06-28 |
| Path Traversal Vulnerability in curl via Unsanitized IPFS_PATH Environment Variable |
Path Traversal |
ziad616 |
High |
2025-06-28 |
| Buffer Overflow in curl MQTT Test Server (tests/server/mqttd.c) via Malicious CONNECT Packet |
Memory Corruption - Generic |
drdee-hackerone |
Critical |
2025-06-28 |
| Free of uninitialized pointer in doh_decode_rdata_name() |
Use After Free |
tdp3kel9g |
No rating |
2025-06-28 |
| Improper Restriction of Authentication Attempts in cURL |
Improper Restriction of Authentication Attempts |
irfanmughal1122 |
Critical |
2025-06-28 |
| Stack Buffer Overflow in curl's OpenSSL Provider Handling |
Stack Overflow |
oblivionsage |
Medium |
2025-06-28 |
| OS Command Injection in scripts/firefox-db2pem.sh via untrusted certificate nicknames |
OS Command Injection |
behindtheblackwall |
High |
2025-06-28 |
| Failure to strip Proxy-Authorization header on change in origin |
Information Disclosure |
grahamcampbell |
Medium |
2025-06-27 |
| Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure |
External Control of File Name or Path |
ednaq |
None |
2025-06-27 |
| Credential leak on redirect due to improper state clearing when parsing macdef in netrc.c |
Information Exposure Through Sent Data |
oxghostly |
Low |
2025-06-22 |
| Sensitive information disclosure with malicious netrc file |
LLM06: Sensitive Information Disclosure |
z2_ |
Medium |
2025-06-22 |
| CVE-2025-5399: WebSocket endless loop |
Loop with Unreachable Exit Condition ('Infinite Loop') |
z2_ |
Low |
2025-06-04 |
| CVE-2025-5025: No QUIC certificate pinning with wolfSSL |
Improper Certificate Validation |
kurohiro |
Medium |
2025-05-28 |
| CVE-2025-4947: QUIC certificate check skip with wolfSSL |
Improper Validation of Certificate with Host Mismatch |
kurohiro |
Medium |
2025-05-28 |
| Memory Leak in libcurl via Location Header Handling (CWE-770) |
Allocation of Resources Without Limits or Throttling |
senseijohnmed |
High |
2025-05-22 |
| `Curl_socketpair()` fallback vulnerable to man-in-the-middle attack |
Man-in-the-Middle |
jmanojlovich |
No rating |
2025-05-20 |
| Memory Leak |
Memory Corruption - Generic |
antypanty |
No rating |
2025-05-10 |
| CRLF Injection in `--proxy-header` allows extra HTTP headers (CWE-93) |
CRLF Injection |
oblivionsage |
None |
2025-05-08 |
| HTTP/3 Stream Dependency Cycle Exploit |
Improper Input Validation |
evilginx29 |
High |
2025-05-04 |
| Double Free Vulnerability in `libcurl` Cookie Management (`cookie.c`) |
Double Free |
tannicarcher |
No rating |
2025-04-29 |
| Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl |
Use of a Broken or Risky Cryptographic Algorithm |
tannicarcher |
No rating |
2025-04-29 |
| Heap‑based buffer overflow in curl -K <config_file> allows arbitrary write . |
Heap Overflow |
bsr13 |
High |
2025-04-27 |
| Use after free (read) in curl_multi_perform with DoH and Proxy options, and resolve timeouts |
Use After Free |
catenacyber |
No rating |
2025-03-06 |
| Format string vulnerability, curl_msnprintf() function |
Use of Externally-Controlled Format String |
orcahack |
Medium |
2025-02-20 |
| ("possible") UAF |
Memory Corruption - Generic |
7mkrooal |
None |
2025-02-08 |
| CVE-2025-0167: netrc and default credential leak |
LLM06: Sensitive Information Disclosure |
sherlock2010 |
Low |
2025-02-07 |
| CVE-2025-0665: eventfd double close |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
ankomcoper |
Low |
2025-02-07 |
| curl allows SSH connection even if host is not in known_hosts |
Improper Certificate Validation |
nyymi |
High |
2025-02-05 |
| CVE-2025-0725: gzip integer overflow |
Integer Overflow to Buffer Overflow |
z2_ |
Low |
2025-02-05 |
| Hackers Attack Curl Vulnerability Accessing Sensitive Information |
Information Disclosure |
scottarterbury |
Medium |
2024-12-27 |
| bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ] |
Cleartext Transmission of Sensitive Information |
hackeriron1 |
Low |
2024-12-19 |
| CVE-2024-11053: netrc + redirect credential leak |
Information Disclosure |
nyymi |
Low |
2024-12-11 |
| Buffer Overflow Risk in Curl_inet_ntop and inet_ntop4 |
Classic Buffer Overflow |
b3fbcf5debe00185bbe06c0 |
High |
2024-12-08 |
| Buffer Overflow Vulnerability in strcpy() Leading to Remote Code Execution |
Classic Buffer Overflow |
lostnotfound123 |
Critical |
2024-12-02 |
| Buffer overflow in strcpy |
Buffer Underflow |
rootgh0st |
Critical |
2024-11-07 |
| CVE-2024-9681: HSTS subdomain overwrites parent cache entry |
Business Logic Errors |
newfunction |
Low |
2024-11-06 |
| Exploitable Format String Vulnerability in curl_mfprintf Function |
Use of Externally-Controlled Format String |
reterix |
High |
2024-11-06 |
| When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly |
Business Logic Errors |
newfunction |
Medium |
2024-11-04 |
| CVE-2024-8096: OCSP stapling bypass with GnuTLS |
Improper Certificate Validation |
kurohiro |
Medium |
2024-09-11 |
| CVE-2024-7264: ASN.1 date parser overread |
Buffer Over-read |
dubek |
Low |
2024-08-01 |
| CVE-2024-6197: freeing stack buffer in utf8asn1str |
Free of Memory not on the Heap |
z2_ |
Medium |
2024-07-24 |
| CVE-2024-6874: macidn punycode buffer overread |
Buffer Over-read |
z2_ |
Low |
2024-07-24 |
| NULL dereference when encoding DN of x509 certificate |
NULL Pointer Dereference |
z2_ |
Low |
2024-06-19 |
| Unicode-to-ASCII conversion on Windows can lead to argument injection and more |
Encoding Error |
splitline |
High |
2024-06-18 |
| Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities |
Type Confusion |
z3r0yu |
Low |
2024-06-18 |
| Denial of Service in curl Request - HTTP headers eat all memory |
Allocation of Resources Without Limits or Throttling |
stux3net08 |
Medium |
2024-06-18 |
| Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities. |
Type Confusion |
z3r0yu |
Critical |
2024-05-08 |
| cookie is sent on redirect |
Insufficiently Protected Credentials |
iylz |
Medium |
2024-03-28 |
| CVE-2024-2004: Usage of disabled protocol |
Misinterpretation of Input |
dfandrich |
Low |
2024-03-27 |
| HTTP/2 PUSH_PROMISE DoS |
Uncontrolled Resource Consumption |
w0x42 |
Medium |
2024-03-27 |
| CVE-2024-2466: TLS certificate check bypass with mbedTLS |
Improper Validation of Certificate with Host Mismatch |
frankyueh |
Medium |
2024-03-27 |
| CVE-2024-2398: HTTP/2 push headers memory-leak |
Uncontrolled Resource Consumption |
w0x42 |
Medium |
2024-03-27 |
| CVE-2024-2379: QUIC certificate check bypass with wolfSSL |
Improper Certificate Validation |
fullmetal5 |
Low |
2024-03-27 |
| CVE-2024-0853: OCSP verification bypass with TLS session reuse |
Improper Check for Certificate Revocation |
kurohiro |
Low |
2024-01-31 |
| Buffer Overflow Vulnerability in WebSocket Handling |
Heap Overflow |
hackers_ |
High |
2024-01-02 |
| CVE-2023-46219: HSTS long file name clears contents |
Missing Encryption of Sensitive Data |
cxshakal |
Low |
2023-12-08 |
| CVE-2023-46218: cookie mixed case PSL bypass |
Information Exposure Through Sent Data |
nyymi |
Medium |
2023-12-06 |
| Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c |
Classic Buffer Overflow |
cyberguardianrd |
Critical |
2023-11-15 |
| [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet |
Information Disclosure |
shelldoit |
Critical |
2023-10-16 |
| CVE-2023-38546: cookie injection with none file |
External Control of File Name or Path |
w0x42 |
Low |
2023-10-11 |
| CVE-2023-38545: socks5 heap buffer overflow |
Heap Overflow |
raysatiro |
High |
2023-10-11 |
| NULL Pointer dereference in idn.c |
NULL Pointer Dereference |
s0urc3_ |
Critical |
2023-09-20 |
| CVE-2023-38039: HTTP header allocation DOS |
Allocation of Resources Without Limits or Throttling |
selmelc |
Medium |
2023-09-13 |
| CVE-2023-32001: fopen race condition |
Time-of-check Time-of-use (TOCTOU) Race Condition |
selmelc |
Medium |
2023-07-25 |
| CVE-2023-28319: UAF in SSH sha256 fingerprint check |
Use After Free |
wct |
Medium |
2023-05-24 |
| Cache purge requests are not authenticated |
Business Logic Errors |
redx_cybersec |
Medium |
2023-05-20 |
| CVE-2023-28321: IDN wildcard match |
Improper Certificate Validation |
kurohiro |
Low |
2023-05-18 |
| CVE-2023-28322: more POST-after-PUT confusion |
Expected Behavior Violation |
kurohiro |
Low |
2023-05-18 |
| CVE-2023-28320: siglongjmp race condition |
Improper Synchronization |
nyymi |
Low |
2023-05-17 |
| CVE-2023-27538: SSH connection too eager reuse still |
Authentication Bypass by Primary Weakness |
nyymi |
Low |
2023-03-22 |
| CVE-2023-27536: GSS delegation too eager connection re-use |
Authentication Bypass by Primary Weakness |
nyymi |
Low |
2023-03-22 |
| CVE-2023-27535: FTP too eager connection reuse |
Authentication Bypass by Primary Weakness |
nyymi |
Medium |
2023-03-22 |
| CVE-2023-27534: SFTP path ~ resolving discrepancy |
Path Traversal |
nyymi |
Low |
2023-03-22 |
| CVE-2023-27533: Telnet option IAC injection |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
nyymi |
Low |
2023-03-22 |
| CVE-2023-27537: HSTS double-free |
Double Free |
kurohiro |
Low |
2023-03-20 |
| CVE-2023-23916: HTTP multi-header compression denial of service |
Allocation of Resources Without Limits or Throttling |
monnerat |
Medium |
2023-02-20 |
| CVE-2023-23914: curl HSTS ignored on multiple requests |
Cleartext Transmission of Sensitive Information |
nyymi |
Low |
2023-02-15 |
| CVE-2023-23915: HSTS amnesia with --parallel |
Cleartext Transmission of Sensitive Information |
nyymi |
Low |
2023-02-15 |
| curl file writing susceptible to symlink attacks |
Business Logic Errors |
nyymi |
Low |
2023-01-07 |
| libssh backend CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 validation bypass |
Business Logic Errors |
nyymi |
Low |
2023-01-07 |
| CVE-2022-43552: HTTP Proxy deny use-after-free |
Use After Free |
bagder |
Low |
2022-12-26 |
| CVE-2022-43551: Another HSTS bypass via IDN |
Cleartext Transmission of Sensitive Information |
kurohiro |
Medium |
2022-12-21 |
| CVE-2022-42915: HTTP proxy double-free |
Double Free |
bagder |
Medium |
2022-11-26 |
| CVE-2022-32221: POST following PUT confusion |
Expected Behavior Violation |
robbotic |
Medium |
2022-11-26 |
| CVE-2022-42916: HSTS bypass via IDN |
Cleartext Transmission of Sensitive Information |
kurohiro |
Medium |
2022-10-27 |
| CVE-2022-35260: .netrc parser out-of-bounds access |
Out-of-bounds Read |
kurohiro |
Low |
2022-10-27 |
| CVE-2022-35252: control code in cookie denial of service |
Improper Input Validation |
haxatron1 |
Low |
2022-08-31 |
| CVE-2022-32205: Set-Cookie denial of service |
Allocation of Resources Without Limits or Throttling |
nyymi |
Low |
2022-06-27 |
| CVE-2022-32206: HTTP compression denial of service |
Allocation of Resources Without Limits or Throttling |
nyymi |
Medium |
2022-06-27 |
| CVE-2022-32207: Unpreserved file permissions |
Business Logic Errors |
nyymi |
Medium |
2022-06-27 |
| CVE-2022-32208: FTP-KRB bad message verification |
Business Logic Errors |
nyymi |
Low |
2022-06-27 |
| Credential leak when use two url |
Insufficiently Protected Credentials |
liang1 |
Medium |
2022-06-27 |
| curl "globbing" can lead to denial of service attacks |
Uncontrolled Resource Consumption |
iylz |
Low |
2022-06-16 |
| Integer overflows in unescape_word() |
Integer Overflow |
ddme |
Low |
2022-06-09 |
| match |
External Control of Critical State Data |
maslahhunter |
High |
2022-06-09 |
| Heap overflow via HTTP/2 PUSH_PROMISE |
Heap Overflow |
nyymi |
Low |
2022-06-05 |
| KRB-FTP: Security level downgrade |
Business Logic Errors |
nyymi |
None |
2022-06-05 |
| CVE-2022-27781: CERTINFO never-ending busy-loop |
Uncontrolled Resource Consumption |
sybr |
Low |
2022-05-16 |
| Credential leak on redirect |
Insufficiently Protected Credentials |
iylz |
Medium |
2022-05-14 |
| error parse uri path in curl |
Improper Access Control - Generic |
iylz |
High |
2022-05-13 |
| Memory leak in CURLOPT_XOAUTH2_BEARER |
Uncontrolled Resource Consumption |
pappacoda |
Medium |
2022-05-13 |
| Cookie injection from non-secure context |
Session Fixation |
nyymi |
High |
2022-05-13 |
| CVE-2022-30115: HSTS bypass via trailing dot |
Missing Required Cryptographic Step |
haxatron1 |
Medium |
2022-05-11 |
| CVE-2022-27780: percent-encoded path separator in URL host |
Server-Side Request Forgery (SSRF) |
haxatron1 |
Medium |
2022-05-11 |
| CVE-2022-27782: TLS and SSH connection too eager reuse |
Business Logic Errors |
nyymi |
Medium |
2022-05-11 |
| CVE-2022-27779: cookie for trailing dot TLD |
Information Exposure Through Sent Data |
haxatron1 |
Medium |
2022-05-11 |
| CVE-2022-27778: curl removes wrong file on error |
Business Logic Errors |
nyymi |
Medium |
2022-05-11 |
| Certificate authentication re-use on redirect |
Business Logic Errors |
nyymi |
Medium |
2022-05-11 |
| CVE-2022-22576: OAUTH2 bearer bypass in connection re-use |
Improper Authentication - Generic |
monnerat |
Medium |
2022-04-29 |
| CVE-2022-27776: Auth/cookie leak on redirect |
Insufficiently Protected Credentials |
nyymi |
Medium |
2022-04-27 |
| CVE-2022-27775: Bad local IPv6 connection reuse |
Business Logic Errors |
nyymi |
Low |
2022-04-27 |
| CVE-2022-27774: Credential leak on redirect |
Insufficiently Protected Credentials |
nyymi |
High |
2022-04-27 |
| CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster |
Cryptographic Issues - Generic |
nyymi |
Medium |
2022-04-25 |
| CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars |
Business Logic Errors |
nyymi |
Medium |
2022-04-25 |
| --libcurl code injection via trigraphs |
Code Injection |
nyymi |
Low |
2022-04-24 |
| curl proceeds with unsafe connections when -K file can't be read |
Improper Check or Handling of Exceptional Conditions |
medianmedianstride |
High |
2022-04-21 |
| Denial of Service vulnerability in curl when parsing MQTT server response |
Uncontrolled Resource Consumption |
jenny |
Medium |
2022-03-28 |
| Use of Unsafe function || Strcpy |
Classic Buffer Overflow |
shobhit2401200 |
High |
2022-03-09 |
| Binary output bypass |
Classic Buffer Overflow |
eliasknudsen |
Low |
2022-03-09 |
| Occasional use-after-free in multi_done() libcurl-7.81.0 |
Use After Free |
luminixaaron |
Low |
2022-03-09 |
| Remote memory disclosure vulnerability in libcurl on 64 Bit Windows |
Information Exposure Through Sent Data |
nsq11 |
High |
2022-02-21 |
| CVE-2021-22947: STARTTLS protocol injection via MITM |
Cryptographic Issues - Generic |
monnerat |
Medium |
2021-09-24 |
| CVE-2021-22946: Protocol downgrade required TLS bypassed |
Missing Required Cryptographic Step |
monnerat |
Medium |
2021-09-24 |
| CVE-2021-22945: UAF and double-free in MQTT sending |
Double Free |
z2_ |
Medium |
2021-09-15 |
| CVE-2021-22924: Bad connection reuse due to flawed path name checks |
Improper Input Validation |
nyymi |
High |
2021-07-21 |
| CVE-2021-22925: TELNET stack contents disclosure again |
Information Disclosure |
thoger |
Low |
2021-07-21 |
| CVE-2021-22923: Metalink download sends credentials |
Cleartext Transmission of Sensitive Information |
nyymi |
Medium |
2021-07-21 |
| CVE-2021-22922: Wrong content via metalink not discarded |
Business Logic Errors |
nyymi |
Medium |
2021-07-21 |
| CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport |
Business Logic Errors |
nyymi |
Medium |
2021-07-21 |
| CVE-2021-22898: TELNET stack contents disclosure |
Information Disclosure |
nyymi |
Medium |
2021-05-26 |
| CVE-2021-22901: TLS session caching disaster |
Use After Free |
nyymi |
High |
2021-05-26 |
| CVE-2021-22897: schannel cipher selection surprise |
Business Logic Errors |
nyymi |
Low |
2021-05-26 |
| CVE-2021-22890: TLS 1.3 session ticket proxy host mixup |
Man-in-the-Middle |
mingtao |
Low |
2021-04-30 |
| CVE-2021-22876: Automatic referer leaks credentials |
None supplied |
vsz |
Low |
2021-04-30 |
| Proxy-Authorization header carried to a new host on a redirect |
Cleartext Transmission of Sensitive Information |
dftrace |
Medium |
2021-03-08 |
| Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c |
Use of a Broken or Risky Cryptographic Algorithm |
sanchitcfc |
High |
2021-03-08 |
| Heap buffer overflow in TFTP when using small blksize |
Heap Overflow |
thomas_v |
Medium |
2020-11-14 |
| krb5: double-free in read_data() after realloc() fail |
Double Free |
thomas_v |
Medium |
2020-11-14 |
| Connect-only connections can use the wrong connection |
Information Disclosure |
m42a |
Low |
2020-11-05 |
| Data race conditions reported by helgrind when performing parallel DNS queries in libcurl |
Information Disclosure |
brumbrum |
Medium |
2020-11-04 |
| Parallel upload hangs curl if upload file not found |
Denial of Service |
brumbrum |
None |
2020-10-29 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles