CURL — Vulnerabilities & Security Advisories 39

Browse all 39 CVE security advisories affecting CURL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by CURL: curl

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3805 | use after free in SMB connection reuse — curl | 9.1 | - | 2026-03-11 |
| CVE-2026-3784 | wrong proxy connection reuse with credentials — curl | 7.5 | - | 2026-03-11 |
| CVE-2026-3783 | token leak with redirect and netrc — curl | 6.5 | - | 2026-03-11 |
| CVE-2026-1965 | bad reuse of HTTP Negotiate connection — curl | 7.7 | - | 2026-03-11 |
| CVE-2025-11563 | wcurl path traversal with percent-encoded slashes — curl | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2025-15224 | libssh key passphrase bypass without agent set — curl | 9.8 | - | 2026-01-08 |
| CVE-2025-15079 | libssh global known_hosts override — curl | 7.5 | - | 2026-01-08 |
| CVE-2025-14819 | OpenSSL partial chain store policy bypass — curl | 8.2 | - | 2026-01-08 |
| CVE-2025-14524 | bearer token leak on cross-protocol redirect — curl | 4.3 | - | 2026-01-08 |
| CVE-2025-14017 | broken TLS options for threaded LDAPS — curl | 4.3 | - | 2026-01-08 |
| CVE-2025-13034 | No QUIC certificate pinning with GnuTLS — curl | 7.5 | - | 2026-01-08 |
| CVE-2025-10966 | missing SFTP host verification with wolfSSH — curl | 7.4 | - | 2025-11-07 |
| CVE-2025-10148 | predictable WebSocket mask — curl | 7.1 | - | 2025-09-12 |
| CVE-2025-9086 | Out of bounds read for cookie path — curl | 8.1 | - | 2025-09-12 |
| CVE-2025-5399 | WebSocket endless loop — curl | 7.5 (AI) | High (AI) | 2025-06-07 |
| CVE-2025-5025 | No QUIC certificate pinning with wolfSSL — curl | 6.5 (AI) | Medium (AI) | 2025-05-28 |
| CVE-2025-4947 | QUIC certificate check skip with wolfSSL — curl | 7.4 (AI) | High (AI) | 2025-05-28 |
| CVE-2025-0725 | gzip integer overflow — curl | 8.8 | - | 2025-02-05 |
| CVE-2025-0665 | eventfd double close — curl | 7.1 | - | 2025-02-05 |
| CVE-2025-0167 | netrc and default credential leak — curl | 5.9 | - | 2025-02-05 |
| CVE-2024-11053 | netrc and redirect credential leak — curl | 6.5 | - | 2024-12-11 |
| CVE-2024-9681 | HSTS subdomain overwrites parent cache entry — curl | 5.9 (AI) | Medium (AI) | 2024-11-06 |
| CVE-2024-8096 | OCSP stapling bypass with GnuTLS — curl | 7.5 (AI) | High (AI) | 2024-09-11 |
| CVE-2024-7264 | ASN.1 date parser overread — curl | 9.1 (AI) | Critical (AI) | 2024-07-31 |
| CVE-2024-6874 | macidn punycode buffer overread — curl | 9.1 (AI) | Critical (AI) | 2024-07-24 |
| CVE-2024-6197 | freeing stack buffer in utf8asn1str — curl | 9.1 (AI) | Critical (AI) | 2024-07-24 |
| CVE-2024-2466 | TLS certificate check bypass with mbedTLS — curl | 5.9 | - | 2024-03-27 |
| CVE-2024-2379 | QUIC certificate check bypass with wolfSSL — curl | 7.5 | - | 2024-03-27 |
| CVE-2024-2398 | HTTP/2 push headers memory-leak — curl | - | - | 2024-03-27 |
| CVE-2024-2004 | Usage of disabled protocol — curl | 7.5 | - | 2024-03-27 |

This page lists every published CVE security advisory associated with CURL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.