hackerone - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	H1:3516974	curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends_H1:3516974 ## Summary: The SSL options ISSUERCERT, EC_CURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ...	N/A	N/A	Jan 19, 2026	HACKERONE
NONE	H1:3516186	curl: Cookie Max-Age Integer Overflow Vulnerability_H1:3516186 ## Summary: The cookie parsing code in `lib/cookie.c` contains an integer overflow vulnerability when processing the `Max-Age` attribute of HTTP co...	N/A	N/A	Jan 19, 2026	HACKERONE
NONE	H1:3516202	curl: Cookie Replacement Use-After-Free Vulnerability_H1:3516202 ## Summary: The cookie replacement logic in `lib/cookie.c` contains a use-after-free vulnerability in the `replace_existing()` function. The functi...	N/A	N/A	Jan 19, 2026	HACKERONE
MEDIUM 5.7	H1:3514263	curl: libcurl: Improper Authentication State Management on Cross-Protocol Redirects_H1:3514263 Following the recent advisory for CVE-2025-14524, I conducted an investigation into how libcurl manages OAuth2 credentials during complex redir...	N/A	N/A	Jan 17, 2026	HACKERONE
NONE	H1:3509396	curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing_H1:3509396 `libcurl` incorrectly parses IMAP literals (`{size}`) even when they are embedded within quoted strings (e.g., email subjects or headers). This beh...	N/A	N/A	Jan 13, 2026	HACKERONE
NONE	H1:3508785	curl: Gopher Protocol Command Injection (SSRF Smuggling)_H1:3508785 ## Summary The `curl` Gopher protocol handler is vulnerable to command injection through URL-encoded CRLF sequences in the path. This allows an att...	N/A	N/A	Jan 13, 2026	HACKERONE
NONE	H1:3508799	curl: Digest Authentication Header Injection_H1:3508799 ## Summary The Digest authentication implementation in `libcurl` fails to properly escape the `uri` parameter in the `Authorization` header. While ...	N/A	N/A	Jan 13, 2026	HACKERONE
NONE	H1:3509437	curl: Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth)_H1:3509437 ## Summary: [directory listing vulnerability is disclosing names and emails and so many other sensitive information, that significantly increases t...	N/A	N/A	Jan 13, 2026	HACKERONE
NONE	H1:3508701	curl: Use-After-Free in curl_easy_nextheader when reusing header handle across requests_H1:3508701 ). The API returns struct curl_header objects that internally reference libcurl-owned linked list nodes. When a new request is performed on the sam...	N/A	N/A	Jan 13, 2026	HACKERONE
NONE	H1:3508854	curl: MQTT: unsigned integer underflow bypasses MAX_MQTT_MESSAGE_SIZE check_H1:3508854 ## Summary An unsigned integer underflow exists in libcurl's MQTT publish path. Due to incorrect arithmetic ordering in the size validation logic, ...	N/A	N/A	Jan 13, 2026	HACKERONE