haxx
199 tracked vulnerabilities.
CVE-2026-4873
MEDIUM
curl 8.7.0-8.19.0 - TLS Bypass via Connection Pool Reuse
May 13, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-3805
HIGH
curl 8.13.0-8.18.9 - Use-After-Free in SMB Request Handling
Mar 11, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-3784
MEDIUM
curl 7.7-8.18.0 - Authentication Bypass via HTTP Proxy Connection Reuse
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3783
MEDIUM
curl 7.33.0-8.19.0 - OAuth2 Bearer Token Leak via Redirect with .netrc Hostname Match
Mar 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1965
MEDIUM
curl 7.10.6-8.19.0 - Authentication Bypass via Negotiate Connection Reuse
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-15224
LOW
curl 7.58.0-8.17.9 - Improper Authentication via SSH Agent
Jan 08, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-15079
MEDIUM
curl 7.58.0-8.17.9 - Improper Certificate Validation with Host Mismatch in SSH Transfers
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-14819
MEDIUM
curl 7.87.0-8.17.9 - Improper Certificate Validation via Cached CA Store Reuse
Jan 08, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-14524
MEDIUM
curl Cross-Protocol Redirect - OAuth2 Bearer Token Disclosure
Jan 08, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-14017
MEDIUM
curl 7.17.0-8.17.0 - Unauthenticated TLS Certificate Verification Bypass via Multi-threaded LDAPS Transfers
Jan 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-13034
MEDIUM
curl 8.8.0-8.17.0 - Improper Certificate Validation via QUIC with GnuTLS
Jan 08, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-10966
MEDIUM
curl 7.69.0-8.16.0 - Missing Host Verification in wolfSSH Backend
Nov 07, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-9086
HIGH
curl Secure Cookie Path - Heap Buffer Overread
Sep 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-10148
MEDIUM
curl WebSocket Mask Reuse - Proxy Cache Poisoning
Sep 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5399
HIGH
curl 8.13.0-8.14.1 - Denial of Service via WebSocket Packet Processing
Jun 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-5025
MEDIUM
curl 8.5.0-8.13.9 - Improper Certificate Validation in QUIC HTTP/3 with wolfSSL
May 28, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-4947
MEDIUM
curl 8.8.0-8.13.0 - Improper Certificate Validation for QUIC Connections via IP Address URL
May 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0725
HIGH
libcurl <1.2.0.3 - Buffer Overflow
Feb 05, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-0665
HIGH
curl - Eventfd File Descriptor Double Close in Connection Channel Teardown
Feb 05, 2025
CVSS 7.0
EPSS 0.01
CVE-2025-0167
LOW
curl 7.76.0-8.11.0 - Credential Leak via .netrc Default Entry
Feb 05, 2025
CVSS 3.4
EPSS 0.01
CVE-2024-11053
LOW
curl 7.76.0-8.11.1 - Credential Leak via .netrc File and HTTP Redirect
Dec 11, 2024
CVSS 3.4
EPSS 0.01
CVE-2024-9681
MEDIUM
curl 7.74.0-8.10.0 - HSTS Cache Expiry Overwrite via Subdomain Strict-Transport-Security Header
Nov 06, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-8096
MEDIUM
curl 7.41.0-8.10.0 - Improper Certificate Validation via OCSP Stapling
Sep 11, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32928
MEDIUM
Google Nest Mini Firmware - Improper Certificate Validation in libcurl
Aug 19, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-7264
MEDIUM
libcurl 7.32.0-8.9.1 - Out-of-bounds Read in ASN1 Generalized Time Parser
Jul 31, 2024
CVSS 6.5
EPSS 0.17
Products
Quick Filters