curl - HackerOne Reports
Total Reports: 247 | Critical: 13 | High: 47 | Medium: 82 | Low: 64
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars
Reported by: nyymi | Disclosed: | Severity: Medium
Weakness: Business Logic Errors
CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
Reported by: nyymi | Disclosed: | Severity: Medium
Weakness: Cryptographic Issues - Generic
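The two SSH host-key fingerprint entries above (the MD5 length bypass and the SHA256 comparison problem) belong to one bug class: a fingerprint check that does not pin the caller-supplied expected string to the exact encoded length can be satisfied by a shorter or empty string, so the host-key pin silently stops pinning anything. The C below is an added illustration of that class beside its hardened form; it is not curl's code, and the naive comparison is a constructed stand-in that does not claim to reproduce what curl actually did. The function names and the MD5 hex length constant are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hex-encoded MD5 fingerprint: 16 bytes -> 32 hex characters (assumed for
 * this example; a SHA256 hex fingerprint would be 64). */
#define MD5_HEX_LEN 32

/* Constructed naive check (NOT curl's code): it compares only as many
 * characters as the caller's expected string has, so an expected string
 * shorter than the real fingerprint, or empty, "matches" any host key. */
int fingerprint_matches_naive(const char *expected, const char *actual_hex)
{
    return strncmp(expected, actual_hex, strlen(expected)) == 0;
}

/* Hardened check: both strings must be exactly MD5_HEX_LEN characters and
 * the expected string must be hex; the comparison is case-insensitive and
 * constant time, so the result does not depend on where a mismatch occurs. */
int fingerprint_matches(const char *expected, const char *actual_hex)
{
    if (expected == NULL || actual_hex == NULL)
        return 0;
    if (strlen(expected) != MD5_HEX_LEN || strlen(actual_hex) != MD5_HEX_LEN)
        return 0;

    /* Reject a malformed pin up front rather than letting garbage "match". */
    for (size_t i = 0; i < MD5_HEX_LEN; i++) {
        if (!isxdigit((unsigned char)expected[i]))
            return 0;
    }

    unsigned char diff = 0;
    for (size_t i = 0; i < MD5_HEX_LEN; i++) {
        unsigned char e = (unsigned char)tolower((unsigned char)expected[i]);
        unsigned char a = (unsigned char)tolower((unsigned char)actual_hex[i]);
        diff |= (unsigned char)(e ^ a);
    }
    return diff == 0;
}
```

With a constructed host-key fingerprint of `d41d8cd98f00b204e9800998ecf8427e`, the naive check accepts an empty expected string, while the hardened check rejects it, rejects a 31-character pin, and still accepts the correct pin given in upper case.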
Denial of Service vulnerability in curl when parsing MQTT server response
Reported by: jenny | Disclosed: | Severity: Medium
Weakness: Uncontrolled Resource Consumption
CVE-2022-27774: Credential leak on redirect
Reported by: nyymi | Disclosed: | Severity: High
Weakness: Insufficiently Protected Credentials
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.
Reported by: z3r0yu | Disclosed: | Severity: Critical
Weakness: Type Confusion
match
Reported by: maslahhunter | Disclosed: | Severity: High
Weakness: External Control of Critical State Data
CVE-2022-27781: CERTINFO never-ending busy-loop
Reported by: sybr | Disclosed: | Severity: Low
Weakness: Uncontrolled Resource Consumption
CVE-2023-27537: HSTS double-free
Reported by: kurohiro | Disclosed: | Severity: Low
Weakness: Double Free
Integer overflows in unescape_word()
Reported by: ddme | Disclosed: | Severity: Low
Weakness: Integer Overflow
CVEs: CVE-2019-5435
Memory leak from doh_write_cb
Reported by: catenacyber | Disclosed:
Weakness: Allocation of Resources Without Limits or Throttling
CVE-2024-8096: OCSP stapling bypass with GnuTLS
Reported by: kurohiro | Disclosed: | Severity: Medium
Weakness: Improper Certificate Validation
CVE-2023-28319: UAF in SSH sha256 fingerprint check
Reported by: wct | Disclosed: | Severity: Medium
Weakness: Use After Free
access notes without permission
Reported by: haydradz | Disclosed:
Weakness: Information Disclosure
Disclosure of email addresses
Reported by: haydradz | Disclosed:
Weakness: Information Disclosure
Use of Unsafe function || Strcpy
Reported by: shobhit2401200 | Disclosed: | Severity: High
Weakness: Classic Buffer Overflow
CVE-2023-28321: IDN wildcard match
Reported by: kurohiro | Disclosed: | Severity: Low
Weakness: Improper Certificate Validation
Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS
Reported by: geeknik | Disclosed: | Severity: High
Weakness: Use After Free
CVE-2022-35260: .netrc parser out-of-bounds access
Reported by: kurohiro | Disclosed: | Severity: Low
Weakness: Out-of-bounds Read
curl mishandles `%0c%0b` sequences in HTTP responses leading to CRLF confusions, Headers and Cookies Injection
Reported by: mdakh404 | Disclosed:
Weakness: CRLF Injection
CVEs: CVE-2012-0036
CVE-2020-8177: curl overwrite local file with -J
Reported by: snsn | Disclosed: | Severity: Medium
Weakness: Improper Input Validation
Bounty: $700.00