Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-958x-aqdm-27br
Vulnerability ID VCID-958x-aqdm-27br
Aliases CVE-2016-0754
Summary cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2016-0754
cvssv3.1 High https://curl.se/docs/CVE-2016-0754.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-0754
https://curl.se/docs/CVE-2016-0754.html
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.57741
EPSS Score 0.00351
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T16:52:10.494750+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0