curl - HackerOne Reports
Total Reports: 247
Critical: 13
High: 47
Medium: 82
Low: 64
HTTP/3 Stream Dependency Cycle Exploit
Reported by: evilginx | Disclosed:
High
Weakness: Improper Input Validation
cookie is sent on redirect
Reported by: iylz | Disclosed:
Medium
Weakness: Insufficiently Protected Credentials
Certificate authentication re-use on redirect
Reported by: nyymi | Disclosed:
Medium
Weakness: Business Logic Errors
CVE-2023-38546: cookie injection with none file
Reported by: w0x42 | Disclosed:
Low
Weakness: External Control of File Name or Path
Exposure of Private RSA Private Key in curl GitHub Repository
Reported by: yousesf | Disclosed:
Weakness: Insecure Storage of Sensitive Information
Integer overflow in the source code tool_cb_prg.c
Reported by: sfpskywood | Disclosed:
Weakness: Integer Overflow
CVE-2025-4947: QUIC certificate check skip with wolfSSL
Reported by: kurohiro | Disclosed:
Medium
Weakness: Improper Validation of Certificate with Host Mismatch
HTTP/2 CONTINUATION Flood Vulnerability
Reported by: evilginx1 | Disclosed:
High
Weakness: Allocation of Resources Without Limits or Throttling
CVEs: CVE-2023-44487
CVE-2024-2004: Usage of disabled protocol
Reported by: dfandrich | Disclosed:
Low
Weakness: Misinterpretation of Input
Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure
Reported by: ednaq | Disclosed:
Weakness: External Control of File Name or Path
curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments
Reported by: stogusho | Disclosed:
Medium
Weakness: Cleartext Transmission of Sensitive Information
Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding
Reported by: reporascal_1 | Disclosed:
Weakness: Out-of-bounds Read
libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms
Reported by: g3nj1z | Disclosed:
Elevation of Privileges (EoP) vulnerabilities related to the some easy_options on Windows
Reported by: justlikebono_official | Disclosed:
High
Weakness: Privilege Escalation
CVE-2019-5443: Windows Privilege Escalation: Malicious OpenSSL Engine
Reported by: mirchr | Disclosed:
High
Weakness: Code Injection
Bounty: $200.00
arbitrary file read via `file://` path traversal with `--path-as-is`
Reported by: demsese | Disclosed:
Medium
Weakness: Path Traversal
CVE-2019-5482: Heap buffer overflow in TFTP when using small blksize
Reported by: thomas_v | Disclosed:
Medium
Weakness: Heap Overflow
CVEs: CVE-2019-5436
CVE-2020-8284: trusting FTP PASV responses
Reported by: vepe | Disclosed:
Low
Weakness: Information Disclosure
Vulnerability Report: Public Exposure of Security Audit File
Reported by: cyph3r_nitro | Disclosed:
Medium
Weakness: Information Disclosure