Recent Advisories

| Severity | ID | Title | Summary | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| NONE | H1:3773293 | curl: curl/libcurl 8.20.0 NOPROXY bypass via uppercase-hex IPv4 aliases leaks off-proxy Basic credentials to the configured proxy | Summary: curl/libcurl 8.20.0 fails to enforce `CURLOPT_NOPROXY`, `--noproxy`, and `NO_PROXY` consistently for uppercase-hex IPv4 aliases such as... | N/A | N/A | | HACKERONE |
| MEDIUM (4.3) | H1:3775183 | PortSwigger Web Security: Incomplete fix for CVE-2022-35406: meta-redirect content-type check bypassable via parameter injection | The fix for CVE-2022-35406 (#1541301) stops Burp from following a redirect when the response Content-Type/Content-Disposition would prevent HTML r... | N/A | N/A | | HACKERONE |
| NONE | H1:3769293 | curl: Low priority HSTS bypass in curl_easy_duphandle() | Summary: curl_easy_duphandle() creates a fresh HSTS store for the cloned handle and populates it from the configured files and callbacks, but n... | N/A | N/A | | HACKERONE |
| NONE | H1:3747959 | curl: curl --skip-existing has a TOCTOU race that lets a post-check symlink redirect the later download write | Summary: The curl CLI's `--skip-existing` option performs a separate existence check before the download body is written. In the verified path, ... | N/A | N/A | | HACKERONE |
| NONE | H1:3723002 | Liberapay: Another Liberapay team member Twitter account broken link hijacking via expired Twitter account link | Hello again, I discovered that there is another Liberapay profile of a Liberapay team member at liberapay.com/mdvhimself that contains a link to an expir... | N/A | N/A | | HACKERONE |
| NONE | H1:3721519 | Liberapay: Liberapay team member Twitter account broken link hijacking via expired Twitter account link | The profile of a Liberapay team member contained a link to an expired Twitter account, creating a broken link hijacking vulnerability. The expired ... | N/A | N/A | | HACKERONE |
| NONE | H1:3710209 | curl: Potential resource leak in tool_parsecfg.c at line 279 during fileerror | Summary: A resource leak was identified in src/tool_parsecfg.c using the Clang Static Analyzer. When a file error occurs (fileerror is true) during... | N/A | N/A | | HACKERONE |
| NONE | H1:3712343 | curl: MQTT CONNACK packet type bypass leads to RCE via malicious broker | Summary: `mqtt_verify_connack()` in `lib/mqtt.c` never checks that the received packet type is actually a CONNACK (`0x20`). The constant `MQTT_... | N/A | N/A | | HACKERONE |
| NONE | H1:3702718 | curl: MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate | Summary: In `lib/mqtt.c`, the state machine in `mqtt_doing` (lines 894-911 in curl 8.20.0) does not validate that PINGRESP (0xD0) and DISCONNEC... | N/A | N/A | | HACKERONE |
| NONE | H1:3697719 | curl: CVE-2026-7168: cross-proxy Digest auth state leak | Summary: On libcurl 8.19.0, Proxy Digest state learned from proxyA survives an independent transfer boundary on a reused easy handle and is emit... | N/A | N/A | | HACKERONE |