Haxx

Curl

160 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.51%
  • Veröffentlicht 03.07.2026 06:18:44
  • Zuletzt bearbeitet 07.07.2026 14:52:29

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does ...

Exploit
  • EPSS 0.65%
  • Veröffentlicht 03.07.2026 06:18:14
  • Zuletzt bearbeitet 07.07.2026 14:53:26

A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a res...

Exploit
  • EPSS 0.41%
  • Veröffentlicht 03.07.2026 06:17:55
  • Zuletzt bearbeitet 07.07.2026 15:03:56

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns t...

Exploit
  • EPSS 0.49%
  • Veröffentlicht 03.07.2026 06:17:34
  • Zuletzt bearbeitet 07.07.2026 15:05:26

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been fre...

Exploit
  • EPSS 1.06%
  • Veröffentlicht 03.07.2026 06:16:51
  • Zuletzt bearbeitet 07.07.2026 15:05:55

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Exploit
  • EPSS 0.37%
  • Veröffentlicht 03.07.2026 06:16:30
  • Zuletzt bearbeitet 07.07.2026 23:18:32

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one...

Exploit
  • EPSS 0.75%
  • Veröffentlicht 03.07.2026 06:16:06
  • Zuletzt bearbeitet 07.07.2026 23:21:03

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` us...

Exploit
  • EPSS 0.61%
  • Veröffentlicht 03.07.2026 06:15:45
  • Zuletzt bearbeitet 07.07.2026 23:02:54

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in the `.netrc...

Exploit
  • EPSS 1.08%
  • Veröffentlicht 03.07.2026 06:15:25
  • Zuletzt bearbeitet 07.07.2026 23:04:29

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Exploit
  • EPSS 0.65%
  • Veröffentlicht 03.07.2026 06:15:04
  • Zuletzt bearbeitet 07.07.2026 23:06:00

A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelate...