haxx

199 tracked vulnerabilities.

CVE-2026-9547 HIGH
curl SCP/SFTP - SSH Host Key Validation Bypass
Jul 03, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-9546 HIGH
curl - Sending Old Referer
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-9545 HIGH
curl - Exposing HTTP/3 Early Data
Jul 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-9080 HIGH
curl - UAF After Pause in Socket Callback
Jul 03, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9079 CRITICAL
curl - Stale Proxy Password Leak
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-8932 HIGH
curl - Incomplete mTLS Config Matching in Conn Reuse
Jul 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8927 CRITICAL
curl - Env-Set Cross-Proxy Digest Auth State Leak
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8926 CRITICAL
curl - Password Leak with Netrc and User in URL
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8925 CRITICAL
curl - SASL Double-Free
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-8924 CRITICAL
curl - Trailing Dot Domain Super Cookie
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8458 MEDIUM
curl - Wrong Reuse for Different Services
Jul 03, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-8286 HIGH
curl - Wrong STARTTLS Connection Reuse
Jul 03, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-12064 HIGH
curl - Proto-Default Skips SSH Verification
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-11856 CRITICAL
curl - Cross-Origin Digest Auth State Leak
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-11586 HIGH
curl - WS Auto-PONG Memory Exhaustion
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-11564 CRITICAL
curl - Native CA Trust Persist
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-11352 HIGH
curl - QUIC Zero-Length UDP Datagrams Busy-Loop
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-10536 CRITICAL
curl - HTTP/2 Stream-Dependency Tree UAF
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-7168 MEDIUM
curl - Authentication Bypass via Proxy-Authorization Header Reuse
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-7009 MEDIUM
curl 8.17.0-8.20.0 - Improper Certificate Validation via OCSP Stapling
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6429 MEDIUM
curl - Password Leak via .netrc File During HTTP Redirect
May 13, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-6276 HIGH
curl 8.7.0-8.19.0 - Sensitive Cookie Leak via Stale Host Header
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6253 MEDIUM
curl - Credential Leakage via Proxy Redirect Handling
May 13, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-5773 HIGH
curl 8.7.0-8.19.0 - Server-Side Request Forgery via SMB Connection Reuse
May 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5545 MEDIUM
curl 8.7.0-8.19.0 - Insufficient Session Expiration via Connection Reuse
May 13, 2026
CVSS 6.5
EPSS 0.00