Latest CVE Feed
-
8.6
HIGHCVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the ... Read more
Affected Products : fedora curl active_iq_unified_manager ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os +12 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.5
MEDIUMCVE-2024-2466
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, ther... Read more
Affected Products : curl macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node h300s h410s +2 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.5
MEDIUMCVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If th... Read more
Affected Products : debian_linux curl active_iq_unified_manager ontap_select_deploy_administration_utility h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node +5 more products- Published: Sep. 11, 2024
- Modified: Jul. 30, 2025
-
3.5
LOWCVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s... Read more
Affected Products : fedora curl ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node +5 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
6.3
MEDIUMCVE-2024-2379
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi... Read more
Affected Products : curl active_iq_unified_manager ontap_select_deploy_administration_utility macos h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os h615c_firmware +10 more products- Published: Mar. 27, 2024
- Modified: Jul. 30, 2025
-
3.4
LOWCVE-2025-0167
When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-5025
libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, f... Read more
Affected Products : curl- Published: May. 28, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-5399
Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the ... Read more
Affected Products : curl- Published: Jun. 07, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-0665
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more
Affected Products : curl h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware bootstrap_os hci_compute_node h300s h410s +3 more products- Published: Feb. 05, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31181
A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31180
A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2025-31179
A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31178
A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31176
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more
- Published: Mar. 27, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2024-9858
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" com... Read more
Affected Products : migrate_to_containers- Published: Oct. 16, 2024
- Modified: Jul. 30, 2025
-
7.2
HIGHCVE-2023-0669
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.... Read more
Affected Products : goanywhere_managed_file_transfer- Actively Exploited
- Published: Feb. 06, 2023
- Modified: Jul. 30, 2025
-
3.3
LOWCVE-2023-26083
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Dri... Read more
- Actively Exploited
- Published: Apr. 06, 2023
- Modified: Jul. 30, 2025
-
8.8
HIGHCVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ... Read more
Affected Products : android- Actively Exploited
- Published: Sep. 11, 2023
- Modified: Jul. 30, 2025
-
8.6
HIGHCVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, result... Read more
- Actively Exploited
- Published: Apr. 24, 2024
- Modified: Jul. 30, 2025
-
6.0
MEDIUMCVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticat... Read more
- Actively Exploited
- Published: Apr. 24, 2024
- Modified: Jul. 30, 2025