Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
curl project curl - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exce...
2 Github repositories
1 Article
8.2
CVSSv3
CVE-2023-35934
yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent ...
Yt-dlp Project Yt-dlp
Youtube-dlc Project Youtube-dlc
Yt-dl Youtube-dl
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.1
CVSSv3
CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) prior to 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
Php Curl Class Project Php Curl Class
Ht Slider Range For Amazon Affiliates Project Ht Slider Range For Amazon Affiliates
Qiwi Woo-qiwi-payment-gateway
Teamleade Teamleader Crm Forms
Ptwooplugins Invoicing With Invoicexpress For Woocommerce
Shopello Api Project Shopello Api
9.8
CVSSv3
CVE-2021-28940
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific ...
Magpierss Project Magpierss 0.72
5.3
CVSSv3
CVE-2021-28941
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.
Magpierss Project Magpierss 0.72
8.8
CVSSv3
CVE-2020-26222
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common a...
Dependabot Project Dependabot 0.119.0
Dependabot Project Dependabot
6.5
CVSSv3
CVE-2019-20503
usrsctp prior to 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Usrsctp Project Usrsctp
1 Article
9.8
CVSSv3
CVE-2002-2444
Snoopy prior to 2.0.0 has a security hole in exec cURL
Snoopy Project Snoopy 2.0.0-1
9.8
CVSSv3
CVE-2018-3744
The html-pages node module contains a path traversal vulnerabilities that allows an malicious user to read any file from the server with cURL.
Html-pages Project Html-pages 2.0.7
7.8
CVSSv3
CVE-2014-4997
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Point-cli Project Point-cli 0.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »