curl - HackerOne Reports
Total Reports: 247
Critical: 13
High: 47
Medium: 82
Low: 64
Heap Buffer Overflow in libcurl curl_slist_append via Unterminated String
Reported by: geeknik | Disclosed:
High
Weakness: Heap Overflow
TLS Cipher Misconfiguration in HTTP/3/QUIC Support
Reported by: zzq1015 | Disclosed:
CVE-2023-38545: socks5 heap buffer overflow
Reported by: raysatiro | Disclosed:
High
Weakness: Heap Overflow
Hackers Attack Curl Vulnerability Accessing Sensitive Information
Reported by: scottarterbury | Disclosed:
Medium
Weakness: Information Disclosure
("possible") UAF
Reported by: 7mkrooal | Disclosed:
Weakness: Memory Corruption - Generic
CVE-2022-27775: Bad local IPv6 connection reuse
Reported by: nyymi | Disclosed:
Low
Weakness: Business Logic Errors
Heap‑based buffer overflow in curl -K <config_file> allows arbitrary write.
Reported by: bsr13 | Disclosed:
High
Weakness: Heap Overflow
Use After Free (that leads to arbitrary Write for some versions)
Reported by: letshack9707 | Disclosed:
Weakness: Use After Free
Credential leak when use two url
Reported by: liang1 | Disclosed:
Medium
Weakness: Insufficiently Protected Credentials
CVE-2022-32205: Set-Cookie denial of service
Reported by: nyymi | Disclosed:
Low
Weakness: Allocation of Resources Without Limits or Throttling
curl file writing susceptible to symlink attacks
Reported by: nyymi | Disclosed:
Low
Weakness: Business Logic Errors
Integer overflow in "header_append" function
Reported by: invictus1306 | Disclosed:
Weakness: Integer Overflow
Integer overflow at line 1603 in the src/operator.c file
Reported by: cjun | Disclosed:
Low
Weakness: Integer Overflow
curl allows SSH connection even if host is not in known_hosts
Reported by: nyymi | Disclosed:
High
Weakness: Improper Certificate Validation
Unicode-to-ASCII conversion on Windows can lead to argument injection and more
Reported by: splitline | Disclosed:
High
Weakness: Encoding Error
CVE-2023-27536: GSS delegation too eager connection re-use
Reported by: nyymi | Disclosed:
Low
Weakness: Authentication Bypass by Primary Weakness
CVE-2025-0665: eventfd double close
Reported by: ankomcoper | Disclosed:
Low
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
curl successfully matches IP address literal in URL against IP address literal in certificate Common Name
Reported by: lersek | Disclosed:
Weakness: Improper Certificate Validation
CVEs: CVE-2019-14553
use after free in cookie.c
Reported by: pauldreik | Disclosed:
Low
Weakness: Use After Free
Vulnerability Report: Public Exposure of Security Audit File
Reported by: cyph3r_nitro | Disclosed:
Medium
Weakness: Information Disclosure