curl - HackerOne Reports
Total Reports: 247
Critical: 13
High: 47
Medium: 82
Low: 64
CVE-2020-8286: Inferior OCSP verification
Reported by: ospoco | Disclosed:
Medium
Weakness: Improper Certificate Validation
Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl
Reported by: tannicarcher | Disclosed:
Weakness: Use of a Broken or Risky Cryptographic Algorithm
Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
Reported by: z3r0yu | Disclosed:
Low
Weakness: Type Confusion
CVE-2025-0167: netrc and default credential leak
Reported by: sherlock2010 | Disclosed:
Low
Weakness: LLM06: Sensitive Information Disclosure
CVEs: CVE-2024-11053
HTTP Request Smuggling Vulnerability Analysis - cURL Security Report
Reported by: youssef111 | Disclosed:
Medium
Weakness: HTTP Request Smuggling
Path Traversal Vulnerability in curl via Unsanitized IPFS_PATH Environment Variable
Reported by: ziad616 | Disclosed:
High
Weakness: Path Traversal
KRB-FTP: Security level downgrade
Reported by: nyymi | Disclosed:
Weakness: Business Logic Errors
Proxy-Authorization header carried to a new host on a redirect
Reported by: dftrace | Disclosed:
Medium
Weakness: Cleartext Transmission of Sensitive Information
CVEs: CVE-2018-1000007
Vulnerability Report: Local File Disclosure via file:// Protocol in cURL
Reported by: ahmedqc1 | Disclosed:
Medium
Weakness: Path Traversal
Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE
Reported by: z1andr4g0n | Disclosed:
Critical
Weakness: Relative Path Traversal
Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `--engine` option
Reported by: z1andr4g0n | Disclosed:
Critical
Weakness: Code Injection
CVE-2024-9681: HSTS subdomain overwrites parent cache entry
Reported by: newfunction | Disclosed:
Low
Weakness: Business Logic Errors
SSRF via maliciously crafted URL due to host confusion
Reported by: jlleitschuh | Disclosed:
Critical
Weakness: Server-Side Request Forgery (SSRF)
CVEs: CVE-2018-3774
HTTP/2 PUSH_PROMISE DoS
Reported by: w0x42 | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
CVE-2024-2398: HTTP/2 push headers memory-leak
Reported by: w0x42 | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Heap Buffer Overflow in Curl_memdup0() via CURLOPT_COPYPOSTFIELDS/CURLOPT_POSTFIELDSIZE Mismatch
Reported by: geeknik | Disclosed:
High
Weakness: Buffer Over-read
Authorization Header Leak via --location-trusted in Curl
Reported by: voggerloops | Disclosed:
High
Weakness: Information Exposure Through Sent Data
Occasional use-after-free in multi_done() libcurl-7.81.0
Reported by: luminixaaron | Disclosed:
Low
Weakness: Use After Free
Invalid write (or double free) triggers curl command line tool crash
Reported by: geeknik | Disclosed:
High
Weakness: Double Free
Vulnerability Report: Public Exposure of Security Audit File
Reported by: cyph3r_nitro | Disclosed:
Medium
Weakness: Information Disclosure