Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,528
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,801 - 1,820 of 40,198 CVEs
CVE-2026-47898 CRITICAL - 9.8

Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...

Vendor: Apache Software Foundation
Product: Apache Lucene.Net
Published: Jul 03, 2026
Source: NVD
CVE-2026-47897 HIGH - 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8...

Vendor: Apache Software Foundation
Product: Apache Lucene.Net
Published: Jul 03, 2026
Source: NVD
CVE-2026-14544 CRITICAL - 9.8

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 03, 2026
Source: NVD
CVE-2026-9547 HIGH - 7.4

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded f...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-9546 HIGH - 7.5

A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously r...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-9545 HIGH - 7.5

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached ...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-9080 HIGH - 7.3

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-9079 CRITICAL - 9.8

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8932 HIGH - 7.5

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS sett...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8927 CRITICAL - 9.1

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed thro...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8926 CRITICAL - 9.1

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and ther...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8925 CRITICAL - 9.8

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8924 CRITICAL - 9.1

A flaw in curlโ€™s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8458 MEDIUM - 6.5

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. ...

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-8286 HIGH - 8.1

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Vendor: haxx
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-4967 HIGH - 7.5

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.

Published: Jul 03, 2026
Source: NVD
CVE-2026-12064 HIGH - 7.5

When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like CURLOPT_SSH_HOS...

Vendor: curl
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-11856 CRITICAL - 9.8

Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`,...

Vendor: curl
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-11586 HIGH - 7.5

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.

Vendor: curl
Product: curl
Published: Jul 03, 2026
Source: NVD
CVE-2026-11564 CRITICAL - 9.1

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA mate...

Vendor: curl
Product: curl
Published: Jul 03, 2026
Source: NVD