Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:generic/curl.se/curl@8.17.0
Typegeneric
Namespacecurl.se
Namecurl
Version8.17.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.20.0
Latest_non_vulnerable_version8.20.0
Affected_by_vulnerabilities
0
url VCID-21ff-tazv-9ud3
vulnerability_id VCID-21ff-tazv-9ud3
summary When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08189
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
2
reference_url https://curl.se/docs/CVE-2025-14524.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3459417
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://hackerone.com/reports/3459417
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
reference_id 2426407
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
7
reference_url https://curl.se/docs/CVE-2025-14524.json
reference_id CVE-2025-14524.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
9
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14524
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21ff-tazv-9ud3
1
url VCID-39qh-jayw-g3dh
vulnerability_id VCID-39qh-jayw-g3dh
summary curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1965
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22244
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1965
2
reference_url https://curl.se/docs/CVE-2026-1965.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/
url https://curl.se/docs/CVE-2026-1965.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446448
reference_id 2446448
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446448
6
reference_url https://curl.se/docs/CVE-2026-1965.json
reference_id CVE-2026-1965.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/
url https://curl.se/docs/CVE-2026-1965.json
7
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
8
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
9
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5un8-xymy-37bt
1
vulnerability VCID-9vbs-w124-q3au
2
vulnerability VCID-bcuq-n4vb-k7f3
3
vulnerability VCID-f9nm-d5ax-qkcb
4
vulnerability VCID-g7ux-4vz2-ckfg
5
vulnerability VCID-secz-78pt-dben
6
vulnerability VCID-w8ff-vxga-8qcz
7
vulnerability VCID-wgur-psum-pbck
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-1965
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39qh-jayw-g3dh
2
url VCID-5un8-xymy-37bt
vulnerability_id VCID-5un8-xymy-37bt
summary curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-5773
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05317
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-5773
2
reference_url https://curl.se/docs/CVE-2026-5773.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/
url https://curl.se/docs/CVE-2026-5773.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5773
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3650689
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/
url https://hackerone.com/reports/3650689
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461201
reference_id 2461201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461201
7
reference_url https://curl.se/docs/CVE-2026-5773.json
reference_id CVE-2026-5773.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/
url https://curl.se/docs/CVE-2026-5773.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-5773
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5un8-xymy-37bt
3
url VCID-7wqd-99h2-e7hk
vulnerability_id VCID-7wqd-99h2-e7hk
summary When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00081
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
2
reference_url https://curl.se/docs/CVE-2025-14017.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
reference_id 2427870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
6
reference_url https://curl.se/docs/CVE-2025-14017.json
reference_id CVE-2025-14017.json
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.json
7
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
9
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14017
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wqd-99h2-e7hk
4
url VCID-9vbs-w124-q3au
vulnerability_id VCID-9vbs-w124-q3au
summary When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7009
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01997
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7009
1
reference_url https://curl.se/docs/CVE-2026-7009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://curl.se/docs/CVE-2026-7009.html
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://hackerone.com/reports/3694390
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://hackerone.com/reports/3694390
4
reference_url https://curl.se/docs/CVE-2026-7009.json
reference_id CVE-2026-7009.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://curl.se/docs/CVE-2026-7009.json
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-7009
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vbs-w124-q3au
5
url VCID-bcuq-n4vb-k7f3
vulnerability_id VCID-bcuq-n4vb-k7f3
summary curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7168
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23476
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7168
2
reference_url https://curl.se/docs/CVE-2026-7168.html
reference_id
reference_type
scores
0
value Medium
scoring_system cvssv3.1
scoring_elements
url https://curl.se/docs/CVE-2026-7168.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7168
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3697719
reference_id
reference_type
scores
url https://hackerone.com/reports/3697719
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2476979
reference_id 2476979
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2476979
7
reference_url https://access.redhat.com/errata/RHSA-2026:19106
reference_id RHSA-2026:19106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:19106
8
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-7168
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuq-n4vb-k7f3
6
url VCID-f9nm-d5ax-qkcb
vulnerability_id VCID-f9nm-d5ax-qkcb
summary curl: libcurl: Credential leak via reused proxy connection during HTTP redirects
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6429
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06052
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6429
2
reference_url https://curl.se/docs/CVE-2026-6429.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/
url https://curl.se/docs/CVE-2026-6429.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6429
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6429
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3677759
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/
url https://hackerone.com/reports/3677759
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461205
reference_id 2461205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461205
7
reference_url https://curl.se/docs/CVE-2026-6429.json
reference_id CVE-2026-6429.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/
url https://curl.se/docs/CVE-2026-6429.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-6429
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nm-d5ax-qkcb
7
url VCID-fcb7-8163-muf4
vulnerability_id VCID-fcb7-8163-muf4
summary When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20921
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
2
reference_url https://curl.se/docs/CVE-2025-15224.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3480925
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://hackerone.com/reports/3480925
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
reference_id 2426410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
7
reference_url https://curl.se/docs/CVE-2025-15224.json
reference_id CVE-2025-15224.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
9
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
10
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-15224
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fcb7-8163-muf4
8
url VCID-fxgf-t3ue-6qhf
vulnerability_id VCID-fxgf-t3ue-6qhf
summary curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3805
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09035
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3805
2
reference_url https://curl.se/docs/CVE-2026-3805.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/
url https://curl.se/docs/CVE-2026-3805.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://hackerone.com/reports/3591944
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/
url https://hackerone.com/reports/3591944
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446451
reference_id 2446451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446451
6
reference_url https://curl.se/docs/CVE-2026-3805.json
reference_id CVE-2026-3805.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/
url https://curl.se/docs/CVE-2026-3805.json
7
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
8
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5un8-xymy-37bt
1
vulnerability VCID-9vbs-w124-q3au
2
vulnerability VCID-bcuq-n4vb-k7f3
3
vulnerability VCID-f9nm-d5ax-qkcb
4
vulnerability VCID-g7ux-4vz2-ckfg
5
vulnerability VCID-secz-78pt-dben
6
vulnerability VCID-w8ff-vxga-8qcz
7
vulnerability VCID-wgur-psum-pbck
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-3805
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxgf-t3ue-6qhf
9
url VCID-g7ux-4vz2-ckfg
vulnerability_id VCID-g7ux-4vz2-ckfg
summary curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-5545
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11302
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-5545
2
reference_url https://curl.se/docs/CVE-2026-5545.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/
url https://curl.se/docs/CVE-2026-5545.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5545
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3642555
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/
url https://hackerone.com/reports/3642555
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461204
reference_id 2461204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461204
7
reference_url https://curl.se/docs/CVE-2026-5545.json
reference_id CVE-2026-5545.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/
url https://curl.se/docs/CVE-2026-5545.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-5545
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ux-4vz2-ckfg
10
url VCID-gux4-dncg-h7a6
vulnerability_id VCID-gux4-dncg-h7a6
summary When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14819
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09188
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14819
2
reference_url https://curl.se/docs/CVE-2025-14819.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/
url https://curl.se/docs/CVE-2025-14819.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426408
reference_id 2426408
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426408
5
reference_url https://curl.se/docs/CVE-2025-14819.json
reference_id CVE-2025-14819.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/
url https://curl.se/docs/CVE-2025-14819.json
6
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
7
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14819
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gux4-dncg-h7a6
11
url VCID-hhms-2hg6-nke9
vulnerability_id VCID-hhms-2hg6-nke9
summary curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3783
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08557
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3783
2
reference_url https://curl.se/docs/CVE-2026-3783.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://curl.se/docs/CVE-2026-3783.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3583983
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://hackerone.com/reports/3583983
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446450
reference_id 2446450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446450
7
reference_url https://curl.se/docs/CVE-2026-3783.json
reference_id CVE-2026-3783.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://curl.se/docs/CVE-2026-3783.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
9
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
10
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5un8-xymy-37bt
1
vulnerability VCID-9vbs-w124-q3au
2
vulnerability VCID-bcuq-n4vb-k7f3
3
vulnerability VCID-f9nm-d5ax-qkcb
4
vulnerability VCID-g7ux-4vz2-ckfg
5
vulnerability VCID-secz-78pt-dben
6
vulnerability VCID-w8ff-vxga-8qcz
7
vulnerability VCID-wgur-psum-pbck
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-3783
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hhms-2hg6-nke9
12
url VCID-secz-78pt-dben
vulnerability_id VCID-secz-78pt-dben
summary curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6253
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08936
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6253
2
reference_url https://curl.se/docs/CVE-2026-6253.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/
url https://curl.se/docs/CVE-2026-6253.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6253
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3669637
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/
url https://hackerone.com/reports/3669637
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461202
reference_id 2461202
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461202
7
reference_url https://curl.se/docs/CVE-2026-6253.json
reference_id CVE-2026-6253.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/
url https://curl.se/docs/CVE-2026-6253.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-6253
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-secz-78pt-dben
13
url VCID-t45k-skv6-cfg2
vulnerability_id VCID-t45k-skv6-cfg2
summary When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00685
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
2
reference_url https://curl.se/docs/CVE-2025-13034.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
reference_id 2426406
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
5
reference_url https://curl.se/docs/CVE-2025-13034.json
reference_id CVE-2025-13034.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.json
6
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
7
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-13034
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t45k-skv6-cfg2
14
url VCID-v82t-s9e1-2fbw
vulnerability_id VCID-v82t-s9e1-2fbw
summary When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09398
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
2
reference_url https://curl.se/docs/CVE-2025-15079.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3477116
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://hackerone.com/reports/3477116
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
reference_id 2426409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
7
reference_url https://curl.se/docs/CVE-2025-15079.json
reference_id CVE-2025-15079.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
9
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
10
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-15079
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v82t-s9e1-2fbw
15
url VCID-w8ff-vxga-8qcz
vulnerability_id VCID-w8ff-vxga-8qcz
summary curl: curl: Information disclosure due to incorrect TLS connection reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4873
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02591
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4873
2
reference_url https://curl.se/docs/CVE-2026-4873.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/
url https://curl.se/docs/CVE-2026-4873.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4873
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3621851
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/
url https://hackerone.com/reports/3621851
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461200
reference_id 2461200
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461200
7
reference_url https://curl.se/docs/CVE-2026-4873.json
reference_id CVE-2026-4873.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/
url https://curl.se/docs/CVE-2026-4873.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-4873
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-vxga-8qcz
16
url VCID-wgur-psum-pbck
vulnerability_id VCID-wgur-psum-pbck
summary curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-6276
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02088
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-6276
2
reference_url https://curl.se/docs/CVE-2026-6276.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/
url https://curl.se/docs/CVE-2026-6276.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6276
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6276
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3671818
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/
url https://hackerone.com/reports/3671818
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2461203
reference_id 2461203
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2461203
7
reference_url https://curl.se/docs/CVE-2026-6276.json
reference_id CVE-2026-6276.json
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/
url https://curl.se/docs/CVE-2026-6276.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:12916
reference_id RHSA-2026:12916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:12916
9
reference_url https://usn.ubuntu.com/8227-1/
reference_id USN-8227-1
reference_type
scores
url https://usn.ubuntu.com/8227-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
aliases CVE-2026-6276
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgur-psum-pbck
17
url VCID-y44u-23he-aya8
vulnerability_id VCID-y44u-23he-aya8
summary curl: curl: Unauthorized access due to improper HTTP proxy connection reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3784
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07339
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3784
2
reference_url https://curl.se/docs/CVE-2026-3784.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://curl.se/docs/CVE-2026-3784.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3584903
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://hackerone.com/reports/3584903
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446449
reference_id 2446449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446449
7
reference_url https://curl.se/docs/CVE-2026-3784.json
reference_id CVE-2026-3784.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://curl.se/docs/CVE-2026-3784.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
9
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
10
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5un8-xymy-37bt
1
vulnerability VCID-9vbs-w124-q3au
2
vulnerability VCID-bcuq-n4vb-k7f3
3
vulnerability VCID-f9nm-d5ax-qkcb
4
vulnerability VCID-g7ux-4vz2-ckfg
5
vulnerability VCID-secz-78pt-dben
6
vulnerability VCID-w8ff-vxga-8qcz
7
vulnerability VCID-wgur-psum-pbck
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-3784
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y44u-23he-aya8
Fixing_vulnerabilities
0
url VCID-p155-gbtu-abg1
vulnerability_id VCID-p155-gbtu-abg1
summary curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10966
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10057
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10966
2
reference_url https://curl.se/docs/CVE-2025-10966.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://curl.se/docs/CVE-2025-10966.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3355218
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://hackerone.com/reports/3355218
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2413308
reference_id 2413308
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2413308
7
reference_url https://curl.se/docs/CVE-2025-10966.json
reference_id CVE-2025-10966.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://curl.se/docs/CVE-2025-10966.json
8
reference_url https://access.redhat.com/errata/RHSA-2026:6893
reference_id RHSA-2026:6893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6893
fixed_packages
0
url pkg:generic/curl.se/curl@8.17.0
purl pkg:generic/curl.se/curl@8.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21ff-tazv-9ud3
1
vulnerability VCID-39qh-jayw-g3dh
2
vulnerability VCID-5un8-xymy-37bt
3
vulnerability VCID-7wqd-99h2-e7hk
4
vulnerability VCID-9vbs-w124-q3au
5
vulnerability VCID-bcuq-n4vb-k7f3
6
vulnerability VCID-f9nm-d5ax-qkcb
7
vulnerability VCID-fcb7-8163-muf4
8
vulnerability VCID-fxgf-t3ue-6qhf
9
vulnerability VCID-g7ux-4vz2-ckfg
10
vulnerability VCID-gux4-dncg-h7a6
11
vulnerability VCID-hhms-2hg6-nke9
12
vulnerability VCID-secz-78pt-dben
13
vulnerability VCID-t45k-skv6-cfg2
14
vulnerability VCID-v82t-s9e1-2fbw
15
vulnerability VCID-w8ff-vxga-8qcz
16
vulnerability VCID-wgur-psum-pbck
17
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0
aliases CVE-2025-10966
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p155-gbtu-abg1
Risk_score3.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0