Recent Advisories

Severity ID Title Vendor Product Date Type
NONE H1:3463608

curl: Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization_H1:3463608

## Summary A Denial of Service (DoS) vulnerability exists in the `dedotdotify()` function in `lib/urlapi.c` that can cause excessive CPU consumpti...

N/A N/A HACKERONE
NONE H1:3462525

curl: Buffer Overflow in cURL Internal printf Function_H1:3462525

A critical buffer overflow vulnerability exists in the `curl_msprintf()` function in cURL's internal printf implementation. The function writes for...

N/A N/A HACKERONE
NONE H1:3460184

curl: Terminal Output Not Great_H1:3460184

## Summary: No AI here, I just came across this: ```python import random import string from http.server import BaseHTTPRequestHandler, HTTPServer...

N/A N/A HACKERONE
NONE H1:3459636

curl: Stack Buffer Overflow in cURL wolfSSL Backend (lib/vtls/wolfssl.c)_H1:3459636

**Summary:** A stack-based buffer overflow exists in the wssl_strerror function of cURL's wolfSSL TLS backend. The function uses an unsafe strcpy...

N/A N/A HACKERONE
NONE H1:3452015

Enjin: Unauthenticated GraphQL access by prepending __schema to private operations_H1:3452015

A security vulnerability was identified in the GraphQL schema of the Enjin Platform. The vulnerability allowed unauthorized access to the GraphQL s...

N/A N/A HACKERONE
NONE H1:3452725

curl: Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle_H1:3452725

**Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle** ```c /**********************************************************...

N/A N/A HACKERONE
NONE H1:3451305

curl: SMTP Protocol Injection via CRLF in CURLOPT_MAIL_FROM leading to Email Spoofing_H1:3451305

Here is the complete and finalized report. I have integrated the specific version of curl that you provided and I have added a detailed section **"Vuln...

N/A N/A HACKERONE
NONE H1:3444904

curl: Heap Buffer Overflow in TFTP_H1:3444904

# Summary: A heap buffer overflow vulnerability exists in the TFTP implementation of libcurl. The vulnerability is triggered when a malicious TFTP ...

N/A N/A HACKERONE
NONE H1:3445174

curl: Path Traversal in file:// protocol allows Arbitrary File Read_H1:3445174

## Summary: The `file://` protocol handler in curl does not properly sanitise or block path traversal sequences (`../`). This allows a maliciously ...

N/A N/A HACKERONE
NONE H1:3442024

curl: runs javascript on powershell when it shouldnt_H1:3442024

On Windows, if I run a curl on PowerShell for a script that should show alert(1) it just executes the script when it shouldn't. I did not use AI t...

N/A N/A HACKERONE