## Summary: A logic error involving an integer overflow (specifically, an unsigned integer underflow) exists in the lib/mqtt.c file within the mqtt...
Summary A heap-based out-of-bounds read vulnerability exists in libcurl's HTTP/2 implementation. The on_header callback in lib/http2.c incorrectly ...
curl allows carriage return `(\r)` and line feed `(\n)` characters inside HTTP header **values**. When attacker-controlled data is used in a header...
Vulnerability: State Isolation Failure in Multiplexed Connections (Shared Auth Context) Product: libcurl Affected Versions: v7.43.0 - Current (v8.x...
### Summary A stack-based buffer overflow exists in `mprintf.c` within the `out_double()` function. This vulnerability affects builds where `HAVE_S...
curl's `file://` protocol handler inconsistently applies path sanitization. in  reject `file://../` as "Bad File:// URL" but allows the same travers...
Curl's MQTT implementation accepts any valid Remaining Length advertised by the server without an explicit upper bound (beyond the MQTT spec maximu...
## Summary I found a bug where curl's Alt-Svc implementation fails to strip sensitive authentication headers (Authorization and Cookies) when remap...
## Summary During my manual review of the file path handling logic in curl's source code, I noticed the absence of proper validation for directory ...
## Summary A structural logic flaw in the `libcurl` `Alt-Svc` header parser allows attack attributes (specifically `persist` and `max-age`) to "lea...