haxx

181 tracked vulnerabilities.

CVE-2025-0665 HIGH
curl - Eventfd File Descriptor Double Close in Connection Channel Teardown
Feb 05, 2025
CVSS 7.0
EPSS 0.05
CVE-2025-0167 LOW
curl 7.76.0-8.11.0 - Credential Leak via .netrc Default Entry
Feb 05, 2025
CVSS 3.4
EPSS 0.00
CVE-2024-11053 LOW
curl 7.76.0-8.11.1 - Credential Leak via .netrc File and HTTP Redirect
Dec 11, 2024
CVSS 3.4
EPSS 0.01
CVE-2024-9681 MEDIUM
curl 7.74.0-8.10.0 - HSTS Cache Expiry Overwrite via Subdomain Strict-Transport-Security Header
Nov 06, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-8096 MEDIUM
curl 7.41.0-8.10.0 - Improper Certificate Validation via OCSP Stapling
Sep 11, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-32928 MEDIUM
Google Nest Mini Firmware - Improper Certificate Validation in libcurl
Aug 19, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-7264 MEDIUM
libcurl 7.32.0-8.9.1 - Out-of-bounds Read in ASN1 Generalized Time Parser
Jul 31, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-6874 MEDIUM
libcurl - Out-of-bounds Read in curl_url_get() via Punycode Conversion
Jul 24, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-6197 HIGH
libcurl 8.6.0-8.8.9 - Use-After-Free in ASN1 UTF-8 String Parser
Jul 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-2466 MEDIUM
libcurl - SSL/TLS Certificate Check Bypass
Mar 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-2398 HIGH
curl 7.44.0-8.6.0 - Memory Leak via HTTP/2 Server Push Header Limit Abort
Mar 27, 2024
CVSS 8.6
EPSS 0.02
CVE-2024-2379 MEDIUM
curl - Improper Certificate Validation in wolfSSL QUIC Connection
Mar 27, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-2004 LOW
curl 7.85.0-8.6.0 - Protocol Filter Bypass via Empty Protocol Set
Mar 27, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-0853 MEDIUM
curl - Improper Certificate Validation via OCSP Stapling Bypass
Feb 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-46219 MEDIUM
curl 7.84.0-8.4.0 - Missing Encryption of Sensitive Data via HSTS File Handling
Dec 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-46218 MEDIUM
curl 7.46.0-8.4.0 - Super Cookie Injection via Public Suffix Case Bypass
Dec 07, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-38546 LOW
libcurl 7.9.1-8.4.0 - Cookie Injection via Easy Handle Duplication
Oct 18, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-38545 CRITICAL
libcurl 7.69.0-8.4.0 - Heap-Based Buffer Overflow in SOCKS5 Proxy Handshake
Oct 18, 2023
CVSS 9.8
EPSS 0.26
CVE-2023-38039 HIGH
curl 7.84.0-8.2.0 - Denial of Service via Unbounded HTTP Response Header Storage
Sep 15, 2023
CVSS 7.5
EPSS 0.14
CVE-2023-28322 LOW
curl < 8.1.0 - Information Disclosure via Reused Handle PUT-to-POST Transition
May 26, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-28321 MEDIUM
curl < 8.1.0 - Improper Certificate Validation via Wildcard Pattern Matching
May 26, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-28320 MEDIUM
curl < 8.1.0 - Denial of Service via Synchronous Resolver Race Condition
May 26, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-28319 HIGH
curl < 8.1.0 - Use-After-Free in SSH Server Public Key Verification
May 26, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-27538 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via SSH Connection Reuse
Mar 30, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-27537 MEDIUM
libcurl < 8.0.0 - Double Free via HSTS Data Sharing
Mar 30, 2023
CVSS 5.9
EPSS 0.00
Products
curl 142 libcurl 61
Quick Filters
Critical CVEs With Exploits In CISA KEV