haxx

CVE-2026-7168 MEDIUM

curl - Authentication Bypass via Proxy-Authorization Header Reuse

May 13, 2026

CVSS 5.3

EPSS 0.00

CVE-2026-7009 MEDIUM

curl 8.17.0-8.20.0 - Improper Certificate Validation via OCSP Stapling

May 13, 2026

CVSS 5.3

EPSS 0.00

CVE-2026-6429 MEDIUM

curl - Password Leak via .netrc File During HTTP Redirect

May 13, 2026

CVSS 5.3

EPSS 0.00

CVE-2026-6276 HIGH

curl 8.7.0-8.19.0 - Sensitive Cookie Leak via Stale Host Header

May 13, 2026

CVSS 7.5

EPSS 0.00

CVE-2026-6253 MEDIUM

curl - Credential Leakage via Proxy Redirect Handling

May 13, 2026

CVSS 5.9

EPSS 0.00

CVE-2026-5773 HIGH

curl 8.7.0-8.19.0 - Server-Side Request Forgery via SMB Connection Reuse

May 13, 2026

CVSS 7.5

EPSS 0.00

CVE-2026-5545 MEDIUM

curl 8.7.0-8.19.0 - Insufficient Session Expiration via Connection Reuse

May 13, 2026

CVSS 6.5

EPSS 0.00

CVE-2026-4873 MEDIUM

curl 8.7.0-8.19.0 - TLS Bypass via Connection Pool Reuse

May 13, 2026

CVSS 5.9

EPSS 0.00

CVE-2026-3805 HIGH

curl 8.13.0-8.18.9 - Use-After-Free in SMB Request Handling

Mar 11, 2026

CVSS 7.5

EPSS 0.00

CVE-2026-3784 MEDIUM

curl 7.7-8.18.0 - Authentication Bypass via HTTP Proxy Connection Reuse

Mar 11, 2026

CVSS 6.5

EPSS 0.00

CVE-2026-3783 MEDIUM

curl 7.33.0-8.19.0 - OAuth2 Bearer Token Leak via Redirect with .netrc Hostname Match

Mar 11, 2026

CVSS 5.3

EPSS 0.00

CVE-2026-1965 MEDIUM

curl 7.10.6-8.19.0 - Authentication Bypass via Negotiate Connection Reuse

Mar 11, 2026

CVSS 6.5

EPSS 0.00

CVE-2025-15224 LOW

curl 7.58.0-8.17.9 - Improper Authentication via SSH Agent

Jan 08, 2026

CVSS 3.1

EPSS 0.00

CVE-2025-15079 MEDIUM

curl 7.58.0-8.17.9 - Improper Certificate Validation with Host Mismatch in SSH Transfers

Jan 08, 2026

CVSS 5.3

EPSS 0.00

CVE-2025-14819 MEDIUM

curl 7.87.0-8.17.9 - Improper Certificate Validation via Cached CA Store Reuse

Jan 08, 2026

CVSS 5.3

EPSS 0.00

CVE-2025-14524 MEDIUM

curl Cross-Protocol Redirect - OAuth2 Bearer Token Disclosure

Jan 08, 2026

CVSS 5.3

EPSS 0.00

CVE-2025-14017 MEDIUM

curl 7.17.0-8.17.0 - Unauthenticated TLS Certificate Verification Bypass via Multi-threaded LDAPS Transfers

Jan 08, 2026

CVSS 6.3

EPSS 0.00

CVE-2025-13034 MEDIUM

curl 8.8.0-8.17.0 - Improper Certificate Validation via QUIC with GnuTLS

Jan 08, 2026

CVSS 5.9

EPSS 0.00

CVE-2025-10966 MEDIUM

curl 7.69.0-8.16.0 - Missing Host Verification in wolfSSH Backend

Nov 07, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-9086 HIGH

curl Secure Cookie Path - Heap Buffer Overread

Sep 12, 2025

CVSS 7.5

EPSS 0.00

CVE-2025-10148 MEDIUM

curl WebSocket Mask Reuse - Proxy Cache Poisoning

Sep 12, 2025

CVSS 5.3

EPSS 0.00

CVE-2025-5399 HIGH

curl 8.13.0-8.14.1 - Denial of Service via WebSocket Packet Processing

Jun 07, 2025

CVSS 7.5

EPSS 0.00

CVE-2025-5025 MEDIUM

curl 8.5.0-8.13.9 - Improper Certificate Validation in QUIC HTTP/3 with wolfSSL

May 28, 2025

CVSS 4.8

EPSS 0.00

CVE-2025-4947 MEDIUM

curl 8.8.0-8.13.0 - Improper Certificate Validation for QUIC Connections via IP Address URL

May 28, 2025

CVSS 6.5

EPSS 0.00

CVE-2025-0725 HIGH

libcurl <1.2.0.3 - Buffer Overflow

Feb 05, 2025

CVSS 7.3

EPSS 0.01