Recent Advisories

| Severity | ID | Title | Summary | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM 5.7 | H1:3680038 | curl: Digest Auth State Leak on Cross-Origin Redirect via Netrc – Username and Password Hash Sent to Wrong Host | Summary: When curl follows an HTTP redirect from hostA to hostB using `--netrc --digest -L`, Digest authentication state (nonce, realm) from hos... | N/A | N/A | | HACKERONE |
| HIGH 7.5 | H1:3680680 | curl: libcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms | Summary: libcurl omits the IPv6 zoneid component from multiple security-sensitive host identity decisions even though the connection layer still... | N/A | N/A | | HACKERONE |
| NONE | H1:3680234 | curl: libcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay | Summary: libcurl automatically learns RTSP `Session:` headers from server responses and stores them in `data->set.str[STRING_RTSP_SESSION_ID]` i... | N/A | N/A | | HACKERONE |
| NONE | H1:3674275 | curl: lib/http2.c: SSL connections accept non-HTTP push schemes (incomplete fix for 2e8c922a) | Summary: `set_transfer_url()` in `lib/http2.c` validates the `:scheme` pseudo-header of PUSH_PROMISE frames only when `!via_ssl_conn` — a guard ... | N/A | N/A | | HACKERONE |
| NONE | H1:3669305 | curl: Argument Injection via curl Short-Flag Grouping | This report details how the `curl -os` command facilitates an Argument Injection vulnerability in applications that wrap the curl command-line tool. ... | N/A | N/A | | HACKERONE |
| NONE | H1:3658049 | curl: libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire | Summary: `curl_easy_ssls_import()` deserializes a TLS session blob and stores it in the in-memory session cache. In `Curl_ssl_session_unpack()` ... | N/A | N/A | | HACKERONE |
| LOW 3.3 | H1:3665363 | curl: Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers | BUG IN https://raw.githubusercontent.com/curl/curl/07a9b89fedaec60bdbc254f23f66149b31d2f8da/lib/http2.c: `if(stream->bodystarted) { /* T...` | N/A | N/A | | HACKERONE |
| NONE | H1:3523953 | curl: wcurl Argument Injection via Unquoted Variable | When I was code auditing curl I stumbled upon a vulnerability that was in wcurl. Affected version: current. Step 1: open terminal. Step 2: run PoCs be... | N/A | N/A | | HACKERONE |
| NONE | H1:3523349 | curl: Integer Underflow in src/var.c | Summary: A potential Integer Underflow vulnerability was identified in the `setvariable` function within `src/var.c`. The flaw occurs during th... | N/A | N/A | | HACKERONE |
| NONE | H1:3516878 | curl: Cross-origin cookies leak and injection risk when using a custom Host header | Summary: When a custom hostname is specified, it is used for cookie matching if the cookie engine is also enabled for this transfer. This matchi... | N/A | N/A | | HACKERONE |