Known Vulnerabilities for products from Haxx
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Haxx".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-7168 json | Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then cha... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-7009 json | When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that t... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-6429 json | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-6276 json | Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using ... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-6253 json | curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following condition... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-5773 json | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent conne... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-5545 json | libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Nego... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2023-46219 json | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests u... | Not Provided | 2023-12-12 | 2026-05-12 |
| CVE-2023-46218 json | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what i... | Not Provided | 2023-12-07 | 2026-05-12 |
| CVE-2023-42915 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2024-01-23 | 2024-01-29 |
| CVE-2023-38546 json | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of condit... | Not Provided | 2023-10-18 | 2026-05-12 |
| CVE-2023-38545 json | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host n... | Not Provided | 2023-10-18 | 2026-05-12 |
| CVE-2023-38039 json | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl heade... | 7.5 - HIGH | 2023-09-15 | 2024-04-01 |
| CVE-2023-32001 json | ** REJECT ** We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that ther... | Not Provided | 2023-07-26 | 2023-11-07 |
| CVE-2023-28322 json | An information disclosure vulnerability exists in curl | 3.7 - LOW
|
2023-05-26
|
2023-12-22
|
|
| CVE-2023-28321 json | An improper certificate validation vulnerability exists in curl | 5.9 - MEDIUM
|
2023-05-26
|
2023-11-07
|
|
| CVE-2023-28320 json | A denial of service vulnerability exists in curl | 5.9 - MEDIUM
|
2023-05-26
|
2023-10-20
|
|
| CVE-2023-28319 json | A use after free vulnerability exists in curl | 7.5 - HIGH
|
2023-05-26
|
2023-10-20
|
|
| CVE-2023-27538 json | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connect... | 5.5 - MEDIUM | 2023-03-30 | 2024-03-27 |
| CVE-2023-27537 json | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was intr... | 5.9 - MEDIUM | 2023-03-30 | 2024-03-27 |