curl - HackerOne Reports
View on HackerOne

Total reports: 247 (Critical: 13 | High: 47 | Medium: 82 | Low: 64)
curl still vulnerable to SMB access smuggling via FILE URL on Windows
Reported by: tsedlmeyer | Disclosed | Weakness: Improper Input Validation | CVE: CVE-2019-15601

When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly
Reported by: newfunction | Disclosed | Severity: Medium | Weakness: Business Logic Errors

Incorrect IPv6 literal parsing leads to validated connection to unexpected https server.
Reported by: thomas_v | Disclosed | Severity: Medium | Weakness: Improper Handling of URL Encoding (Hex Encoding)

information disclosure
Reported by: rono_07 | Disclosed

CVE-2019-5436: Heap Buffer Overflow at lib/tftp.c
Reported by: l00p3r | Disclosed | Severity: Low | Weakness: Heap Overflow | Bounty: $200.00

CVE-2022-43552: HTTP Proxy deny use-after-free
Reported by: bagder | Disclosed | Severity: Low | Weakness: Use After Free

Credential leak on redirect
Reported by: iylz | Disclosed | Severity: Medium | Weakness: Insufficiently Protected Credentials | CVE: CVE-2022-27776

Credential leak on redirect due to improper state clearing when parsing macdef in netrc.c
Reported by: oxghostly | Disclosed | Severity: Low | Weakness: Information Exposure Through Sent Data | CVE: CVE-2024-11053

Sensitive information disclosure with malicious netrc file
Reported by: z2_ | Disclosed | Severity: Medium | Weakness: LLM06: Sensitive Information Disclosure

Double free caused by mqtt_doing()
Reported by: tdp3kel9g | Disclosed | Weakness: Double Free

Format string vulnerability, curl_msnprintf() function
Reported by: orcahack | Disclosed | Severity: Medium | Weakness: Use of Externally-Controlled Format String
Failure to strip Proxy-Authorization header on change in origin
Reported by: grahamcampbell | Disclosed | Severity: Medium | Weakness: Information Disclosure
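The "Credential leak on redirect" entry (CVE-2022-27776) and the Proxy-Authorization entry above both come down to one decision a redirect-following client has to make: which request headers may be re-sent once the Location points somewhere else. The following is an added example written for this page, not curl's own code and not a description of curl's exact fix. It assumes a policy of its own choosing (an origin is the scheme/host/port triple with default ports filled in, and Authorization, Cookie and Proxy-Authorization are all treated as credentials that must not cross an origin boundary), and the URLs and responses in it are constructed so the chain can be walked offline.

```python
"""Header scrubbing on redirect: an added, standalone example (not curl code).

The simulated "network" below is a dict of constructed responses, so the
redirect chain can be exercised without any server.
"""
from urllib.parse import urljoin, urlsplit

# Assumed policy: these carry credentials and must not follow a cross-origin
# redirect. Everything else (User-Agent, Accept, ...) is carried over as-is.
CREDENTIAL_HEADERS = {"authorization", "cookie", "proxy-authorization"}

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in.

    http://h and http://h:80 compare equal; http://h:8080 and https://h do
    not, so a port or scheme change alone counts as a change of origin.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def headers_for_redirect(headers, from_url, to_url):
    """Headers that may be re-sent to to_url after a redirect from from_url.

    Same origin: send everything unchanged. Different origin: drop every
    credential header and keep the rest.
    """
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}


def follow_redirects(start_url, headers, responses, max_hops=5):
    """Walk a redirect chain and return the list of (url, headers) requests
    that would have been sent.

    `responses` maps an absolute URL to (status, location_or_None) and stands
    in for the network; a URL missing from it is treated as a final 200.
    Relative Location values are resolved against the current URL.
    """
    sent = []
    url, hdrs = start_url, dict(headers)
    for _ in range(max_hops):
        sent.append((url, hdrs))
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_STATUSES or not location:
            break
        target = urljoin(url, location)
        hdrs = headers_for_redirect(hdrs, url, target)
        url = target
    return sent


if __name__ == "__main__":
    # Constructed sample: a same-origin relative redirect, then a redirect to
    # the same host on a different port (the CVE-2022-27776 shape).
    request_headers = {
        "Authorization": "Bearer s3cr3t",
        "Cookie": "sid=1",
        "User-Agent": "probe",
    }
    fake_responses = {
        "https://api.example.test/login": (302, "/v2/login"),
        "https://api.example.test/v2/login": (307, "https://api.example.test:8443/login"),
    }
    for url, hdrs in follow_redirects("https://api.example.test/login",
                                      request_headers, fake_responses):
        print(url, sorted(hdrs))
```

Running the block prints the chain and shows the credential headers present on the first two hops and absent on the third, where only the port changed. A client that compares host names alone, or that forgets the scheme's default port, would keep sending the token on that hop.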
Signed integer overflow in tool_progress_cb()
Reported by: geeknik | Disclosed | Weakness: Integer Overflow

Stack Buffer Overflow in curl's OpenSSL Provider Handling
Reported by: oblivionsage | Disclosed | Severity: Medium | Weakness: Stack Overflow

Heap Use-After-Free Vulnerability in `curl` Leading to Potential Code Execution
Reported by: irene1hacker | Disclosed | Severity: Medium | Weakness: Use After Free

CVE-2023-28322: more POST-after-PUT confusion
Reported by: kurohiro | Disclosed | Severity: Low | Weakness: Expected Behavior Violation | CVE: CVE-2022-32221

CVE-2022-32206: HTTP compression denial of service
Reported by: nyymi | Disclosed | Severity: Medium | Weakness: Allocation of Resources Without Limits or Throttling

Arbitrary File Read via file:// Protocol in cURL
Reported by: mr_tufan | Disclosed | Severity: Critical | Weakness: Path Traversal

Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl
Reported by: brobagazzzx | Disclosed | Severity: High | Weakness: Use After Free

curl proceeds with unsafe connections when -K file can't be read
Reported by: medianmedianstride | Disclosed | Severity: High | Weakness: Improper Check or Handling of Exceptional Conditions