Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:generic/curl.se/curl@8.12.1
Typegeneric
Namespacecurl.se
Namecurl
Version8.12.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.19.0
Latest_non_vulnerable_version8.19.0
Affected_by_vulnerabilities
0
url VCID-176a-agbw-hqdy
vulnerability_id VCID-176a-agbw-hqdy
summary curl: libcurl: QUIC Certificate Pinning Bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5025.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5025
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18888
published_at 2026-04-13T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.19078
published_at 2026-04-02T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.19129
published_at 2026-04-04T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.18846
published_at 2026-04-07T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.18926
published_at 2026-04-08T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.18979
published_at 2026-04-09T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18986
published_at 2026-04-11T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18939
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5025
2
reference_url https://curl.se/docs/CVE-2025-5025.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/
url https://curl.se/docs/CVE-2025-5025.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://hackerone.com/reports/3153497
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/
url https://hackerone.com/reports/3153497
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2368888
reference_id 2368888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2368888
6
reference_url https://security.archlinux.org/AVG-2887
reference_id AVG-2887
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2887
7
reference_url https://curl.se/docs/CVE-2025-5025.json
reference_id CVE-2025-5025.json
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/
url https://curl.se/docs/CVE-2025-5025.json
fixed_packages
0
url pkg:generic/curl.se/curl@8.14.0
purl pkg:generic/curl.se/curl@8.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-5xp7-mcsa-uqd4
2
vulnerability VCID-8zks-th64-33b8
3
vulnerability VCID-amgy-dw6h-6ydf
4
vulnerability VCID-aua9-4frt-xugf
5
vulnerability VCID-etzn-uhck-h7b2
6
vulnerability VCID-ksap-zrmb-ebcu
7
vulnerability VCID-kt4b-7ffh-4bch
8
vulnerability VCID-m5fs-um7r-9qh2
9
vulnerability VCID-mkyr-w79c-qqfz
10
vulnerability VCID-nvzd-v3bs-6qek
11
vulnerability VCID-qpux-jh6k-8qhx
12
vulnerability VCID-vbbv-k1r7-kkas
13
vulnerability VCID-x57x-w8g8-7ybz
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.14.0
aliases CVE-2025-5025
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-176a-agbw-hqdy
1
url VCID-2cx5-1qnw-uufj
vulnerability_id VCID-2cx5-1qnw-uufj
summary curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1965
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.16923
published_at 2026-04-11T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17246
published_at 2026-04-04T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.16949
published_at 2026-04-09T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.16891
published_at 2026-04-08T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.16802
published_at 2026-04-07T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.17194
published_at 2026-04-02T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19261
published_at 2026-04-13T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19316
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1965
2
reference_url https://curl.se/docs/CVE-2026-1965.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/
url https://curl.se/docs/CVE-2026-1965.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446448
reference_id 2446448
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446448
6
reference_url https://curl.se/docs/CVE-2026-1965.json
reference_id CVE-2026-1965.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/
url https://curl.se/docs/CVE-2026-1965.json
7
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
8
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-1965
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cx5-1qnw-uufj
2
url VCID-5xp7-mcsa-uqd4
vulnerability_id VCID-5xp7-mcsa-uqd4
summary 
When doing TLS related transfers with reused easy or multi handles and
altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally
reuse a CA store cached in memory for which the partial chain option was
reversed. Contrary to the user's wishes and expectations. This could make
libcurl find and accept a trust chain that it otherwise would not.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14819
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13995
published_at 2026-04-02T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.13863
published_at 2026-04-13T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.1405
published_at 2026-04-04T12:55:00Z
3
value 0.00045
scoring_system epss
scoring_elements 0.13854
published_at 2026-04-07T12:55:00Z
4
value 0.00045
scoring_system epss
scoring_elements 0.13938
published_at 2026-04-08T12:55:00Z
5
value 0.00045
scoring_system epss
scoring_elements 0.13991
published_at 2026-04-09T12:55:00Z
6
value 0.00045
scoring_system epss
scoring_elements 0.13948
published_at 2026-04-11T12:55:00Z
7
value 0.00045
scoring_system epss
scoring_elements 0.13911
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14819
2
reference_url https://curl.se/docs/CVE-2025-14819.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/
url https://curl.se/docs/CVE-2025-14819.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426408
reference_id 2426408
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426408
5
reference_url https://curl.se/docs/CVE-2025-14819.json
reference_id CVE-2025-14819.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/
url https://curl.se/docs/CVE-2025-14819.json
6
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14819
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xp7-mcsa-uqd4
3
url VCID-8zks-th64-33b8
vulnerability_id VCID-8zks-th64-33b8
summary curl: curl: Unauthorized access due to improper HTTP proxy connection reuse
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3784
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03044
published_at 2026-04-11T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03051
published_at 2026-04-04T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-04-09T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03056
published_at 2026-04-08T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03053
published_at 2026-04-07T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03037
published_at 2026-04-02T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.03683
published_at 2026-04-13T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03709
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3784
2
reference_url https://curl.se/docs/CVE-2026-3784.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://curl.se/docs/CVE-2026-3784.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3584903
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://hackerone.com/reports/3584903
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446449
reference_id 2446449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446449
7
reference_url https://curl.se/docs/CVE-2026-3784.json
reference_id CVE-2026-3784.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/
url https://curl.se/docs/CVE-2026-3784.json
8
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
9
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-3784
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zks-th64-33b8
4
url VCID-9mjz-apkm-g7h1
vulnerability_id VCID-9mjz-apkm-g7h1
summary libcurl: curl: QUIC certificate check skip with wolfSSL
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4947
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22613
published_at 2026-04-13T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22731
published_at 2026-04-02T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22775
published_at 2026-04-04T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22565
published_at 2026-04-07T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22641
published_at 2026-04-08T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.22692
published_at 2026-04-09T12:55:00Z
6
value 0.00075
scoring_system epss
scoring_elements 0.2271
published_at 2026-04-11T12:55:00Z
7
value 0.00075
scoring_system epss
scoring_elements 0.22671
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4947
2
reference_url https://curl.se/docs/CVE-2025-4947.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/
url https://curl.se/docs/CVE-2025-4947.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://hackerone.com/reports/3150884
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/
url https://hackerone.com/reports/3150884
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2368887
reference_id 2368887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2368887
6
reference_url https://security.archlinux.org/AVG-2887
reference_id AVG-2887
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2887
7
reference_url https://curl.se/docs/CVE-2025-4947.json
reference_id CVE-2025-4947.json
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/
url https://curl.se/docs/CVE-2025-4947.json
fixed_packages
0
url pkg:generic/curl.se/curl@8.14.0
purl pkg:generic/curl.se/curl@8.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-5xp7-mcsa-uqd4
2
vulnerability VCID-8zks-th64-33b8
3
vulnerability VCID-amgy-dw6h-6ydf
4
vulnerability VCID-aua9-4frt-xugf
5
vulnerability VCID-etzn-uhck-h7b2
6
vulnerability VCID-ksap-zrmb-ebcu
7
vulnerability VCID-kt4b-7ffh-4bch
8
vulnerability VCID-m5fs-um7r-9qh2
9
vulnerability VCID-mkyr-w79c-qqfz
10
vulnerability VCID-nvzd-v3bs-6qek
11
vulnerability VCID-qpux-jh6k-8qhx
12
vulnerability VCID-vbbv-k1r7-kkas
13
vulnerability VCID-x57x-w8g8-7ybz
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.14.0
aliases CVE-2025-4947
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mjz-apkm-g7h1
5
url VCID-etzn-uhck-h7b2
vulnerability_id VCID-etzn-uhck-h7b2
summary curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3783
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.035
published_at 2026-04-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03509
published_at 2026-04-04T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03544
published_at 2026-04-09T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03521
published_at 2026-04-08T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.0352
published_at 2026-04-07T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03496
published_at 2026-04-02T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04175
published_at 2026-04-13T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.042
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3783
2
reference_url https://curl.se/docs/CVE-2026-3783.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://curl.se/docs/CVE-2026-3783.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3583983
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://hackerone.com/reports/3583983
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446450
reference_id 2446450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446450
7
reference_url https://curl.se/docs/CVE-2026-3783.json
reference_id CVE-2026-3783.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/
url https://curl.se/docs/CVE-2026-3783.json
8
reference_url https://usn.ubuntu.com/8084-1/
reference_id USN-8084-1
reference_type
scores
url https://usn.ubuntu.com/8084-1/
9
reference_url https://usn.ubuntu.com/8099-1/
reference_id USN-8099-1
reference_type
scores
url https://usn.ubuntu.com/8099-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
aliases CVE-2026-3783
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etzn-uhck-h7b2
6
url VCID-ksap-zrmb-ebcu
vulnerability_id VCID-ksap-zrmb-ebcu
summary curl: predictable WebSocket mask
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10148
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.28205
published_at 2026-04-04T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28161
published_at 2026-04-02T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28
published_at 2026-04-07T12:55:00Z
3
value 0.00118
scoring_system epss
scoring_elements 0.30659
published_at 2026-04-13T12:55:00Z
4
value 0.00118
scoring_system epss
scoring_elements 0.30714
published_at 2026-04-08T12:55:00Z
5
value 0.00118
scoring_system epss
scoring_elements 0.30746
published_at 2026-04-09T12:55:00Z
6
value 0.00118
scoring_system epss
scoring_elements 0.30749
published_at 2026-04-11T12:55:00Z
7
value 0.00118
scoring_system epss
scoring_elements 0.30704
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10148
2
reference_url https://curl.se/docs/CVE-2025-10148.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/
url https://curl.se/docs/CVE-2025-10148.html
3
reference_url https://hackerone.com/reports/3330839
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/
url https://hackerone.com/reports/3330839
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2394749
reference_id 2394749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2394749
5
reference_url https://curl.se/docs/CVE-2025-10148.json
reference_id CVE-2025-10148.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/
url https://curl.se/docs/CVE-2025-10148.json
6
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.16.0
purl pkg:generic/curl.se/curl@8.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-5xp7-mcsa-uqd4
2
vulnerability VCID-8zks-th64-33b8
3
vulnerability VCID-amgy-dw6h-6ydf
4
vulnerability VCID-etzn-uhck-h7b2
5
vulnerability VCID-kt4b-7ffh-4bch
6
vulnerability VCID-mkyr-w79c-qqfz
7
vulnerability VCID-nvzd-v3bs-6qek
8
vulnerability VCID-qpux-jh6k-8qhx
9
vulnerability VCID-vbbv-k1r7-kkas
10
vulnerability VCID-x57x-w8g8-7ybz
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.16.0
aliases CVE-2025-10148
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksap-zrmb-ebcu
7
url VCID-kt4b-7ffh-4bch
vulnerability_id VCID-kt4b-7ffh-4bch
summary 
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`
with the curl tool,curl should check the public key of the server certificate
to verify the peer.

This check was skipped in a certain condition that would then make curl allow
the connection without performing the proper check, thus not noticing a
possible impostor. To skip this check, the connection had to be done with QUIC
with ngtcp2 built to use GnuTLS and the user had to explicitly disable the
standard certificate verification.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01204
published_at 2026-04-02T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01209
published_at 2026-04-13T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01211
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0122
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01226
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.0123
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01213
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01207
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13034
2
reference_url https://curl.se/docs/CVE-2025-13034.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.html
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
reference_id 2426406
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426406
5
reference_url https://curl.se/docs/CVE-2025-13034.json
reference_id CVE-2025-13034.json
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/
url https://curl.se/docs/CVE-2025-13034.json
6
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-13034
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4b-7ffh-4bch
8
url VCID-mkyr-w79c-qqfz
vulnerability_id VCID-mkyr-w79c-qqfz
summary curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00583
published_at 2026-04-13T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.006
published_at 2026-04-02T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00593
published_at 2026-04-08T12:55:00Z
3
value 7e-05
scoring_system epss
scoring_elements 0.00595
published_at 2026-04-07T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00587
published_at 2026-04-09T12:55:00Z
5
value 7e-05
scoring_system epss
scoring_elements 0.00586
published_at 2026-04-11T12:55:00Z
6
value 7e-05
scoring_system epss
scoring_elements 0.00582
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14017
2
reference_url https://curl.se/docs/CVE-2025-14017.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
reference_id 2427870
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2427870
6
reference_url https://curl.se/docs/CVE-2025-14017.json
reference_id CVE-2025-14017.json
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/
url https://curl.se/docs/CVE-2025-14017.json
7
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
8
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14017
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyr-w79c-qqfz
9
url VCID-nvzd-v3bs-6qek
vulnerability_id VCID-nvzd-v3bs-6qek
summary When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10366
published_at 2026-04-13T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10292
published_at 2026-04-02T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10388
published_at 2026-04-12T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10428
published_at 2026-04-11T12:55:00Z
4
value 0.00035
scoring_system epss
scoring_elements 0.10399
published_at 2026-04-09T12:55:00Z
5
value 0.00035
scoring_system epss
scoring_elements 0.10333
published_at 2026-04-08T12:55:00Z
6
value 0.00035
scoring_system epss
scoring_elements 0.1026
published_at 2026-04-07T12:55:00Z
7
value 0.00035
scoring_system epss
scoring_elements 0.10359
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15079
2
reference_url https://curl.se/docs/CVE-2025-15079.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3477116
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://hackerone.com/reports/3477116
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
reference_id 2426409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426409
7
reference_url https://curl.se/docs/CVE-2025-15079.json
reference_id CVE-2025-15079.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/
url https://curl.se/docs/CVE-2025-15079.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
9
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-15079
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvzd-v3bs-6qek
10
url VCID-qpux-jh6k-8qhx
vulnerability_id VCID-qpux-jh6k-8qhx
summary curl: Curl missing SFTP host verification with wolfSSH backend
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10966
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04624
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05246
published_at 2026-04-13T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05467
published_at 2026-04-04T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05252
published_at 2026-04-07T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05288
published_at 2026-04-08T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05309
published_at 2026-04-09T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05274
published_at 2026-04-11T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.0526
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10966
2
reference_url https://curl.se/docs/CVE-2025-10966.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://curl.se/docs/CVE-2025-10966.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3355218
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://hackerone.com/reports/3355218
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2413308
reference_id 2413308
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2413308
7
reference_url https://curl.se/docs/CVE-2025-10966.json
reference_id CVE-2025-10966.json
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/
url https://curl.se/docs/CVE-2025-10966.json
fixed_packages
0
url pkg:generic/curl.se/curl@8.17.0
purl pkg:generic/curl.se/curl@8.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-5xp7-mcsa-uqd4
2
vulnerability VCID-8zks-th64-33b8
3
vulnerability VCID-amgy-dw6h-6ydf
4
vulnerability VCID-etzn-uhck-h7b2
5
vulnerability VCID-kt4b-7ffh-4bch
6
vulnerability VCID-mkyr-w79c-qqfz
7
vulnerability VCID-nvzd-v3bs-6qek
8
vulnerability VCID-vbbv-k1r7-kkas
9
vulnerability VCID-x57x-w8g8-7ybz
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0
aliases CVE-2025-10966
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpux-jh6k-8qhx
11
url VCID-vbbv-k1r7-kkas
vulnerability_id VCID-vbbv-k1r7-kkas
summary When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.2447
published_at 2026-04-13T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24629
published_at 2026-04-02T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24526
published_at 2026-04-12T12:55:00Z
3
value 0.00084
scoring_system epss
scoring_elements 0.2457
published_at 2026-04-11T12:55:00Z
4
value 0.00084
scoring_system epss
scoring_elements 0.24554
published_at 2026-04-09T12:55:00Z
5
value 0.00084
scoring_system epss
scoring_elements 0.2451
published_at 2026-04-08T12:55:00Z
6
value 0.00084
scoring_system epss
scoring_elements 0.24442
published_at 2026-04-07T12:55:00Z
7
value 0.00084
scoring_system epss
scoring_elements 0.24667
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15224
2
reference_url https://curl.se/docs/CVE-2025-15224.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3480925
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://hackerone.com/reports/3480925
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
reference_id 2426410
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426410
7
reference_url https://curl.se/docs/CVE-2025-15224.json
reference_id CVE-2025-15224.json
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/
url https://curl.se/docs/CVE-2025-15224.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
9
reference_url https://usn.ubuntu.com/8062-2/
reference_id USN-8062-2
reference_type
scores
url https://usn.ubuntu.com/8062-2/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-15224
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbbv-k1r7-kkas
12
url VCID-x57x-w8g8-7ybz
vulnerability_id VCID-x57x-w8g8-7ybz
summary When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07212
published_at 2026-04-13T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07128
published_at 2026-04-02T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07222
published_at 2026-04-12T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07234
published_at 2026-04-11T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07237
published_at 2026-04-09T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07206
published_at 2026-04-08T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07151
published_at 2026-04-07T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07177
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14524
2
reference_url https://curl.se/docs/CVE-2025-14524.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Low
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://hackerone.com/reports/3459417
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://hackerone.com/reports/3459417
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
reference_id 2426407
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2426407
7
reference_url https://curl.se/docs/CVE-2025-14524.json
reference_id CVE-2025-14524.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/
url https://curl.se/docs/CVE-2025-14524.json
8
reference_url https://usn.ubuntu.com/8062-1/
reference_id USN-8062-1
reference_type
scores
url https://usn.ubuntu.com/8062-1/
fixed_packages
0
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cx5-1qnw-uufj
1
vulnerability VCID-8zks-th64-33b8
2
vulnerability VCID-amgy-dw6h-6ydf
3
vulnerability VCID-etzn-uhck-h7b2
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
aliases CVE-2025-14524
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x57x-w8g8-7ybz
Fixing_vulnerabilities
Risk_score3.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.1