REPORTS
PROGRAMS
PUBLISHERS
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'curl'
disclosed a bug submitted by
b'p4p3r_hak'
b'wcurl treats some URL operands after -- as curl options'
06 May 2026
b'PortSwigger Web Security'
disclosed a bug submitted by
b'bereza4321'
b'Out of scope: Improper Input Validation Order on /api-internal/login via password field leads to unnecessary resource consumption'
05 May 2026
b'curl'
disclosed a bug submitted by
b'ravindrasl2026'
b'Potential Resource Leak in tool_parsecfg.c at line 279 during fileerror'
05 May 2026
b'curl'
disclosed a bug submitted by
b'codexxxx'
b'libcurl 8.20.0 incomplete fix for CVE-2026-7168: changing only CURLOPT_PROXYPORT leaks stale Proxy Digest auth to a different proxy'
05 May 2026
b'curl'
disclosed a bug submitted by
b'orelbn7'
b'MQTT CONNACK Packet Type Bypass leads to RCE via Malicious Broker'
05 May 2026
b'Nextcloud'
disclosed a bug submitted by
b'khoof'
b'Improper input validation On Exported deep-link handler crashes `FileDisplayActivity` on crafted external URL Denial-of-Service'
01 May 2026
b'PlayStation'
disclosed a bug submitted by
b'slidybat'
b'Double fdrop on a socket through sys_netcontrol'
01 May 2026
b'curl'
disclosed a bug submitted by
b'fxv_ray_st'
b'MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'nadsec42'
b'Use-After-Free in SMB connection reuse (req->path dangling pointer after needle destruction)'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'anonymous_237'
b'Negotiate connection reuse with wrong credentials when using CURLAUTH_ANY '
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'sdainard'
b'Negotiate Authentication Premature on Connection Reuse'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'xkilua'
b'CVE-2026-7168: cross-proxy Digest auth state leak'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'3lcarry'
b'CVE-2026-7009: OCSP stapling bypass with Apple SecTrust'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'joesephdiver'
b'CVE-2026-6253: proxy credentials leak over redirect-to proxy'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'quaccws'
b'CVE-2026-5545: wrong reuse of HTTP Negotiate connection'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'arkss'
b'CVE-2026-6276: stale custom cookie host causes cookie leak'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'nobcoderr'
b'CVE-2026-6429: netrc credential leak with reused proxy connection'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'bonaire'
b'CVE-2026-4873: connection reuse ignores TLS requirement'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'osama-hamad'
b'CVE-2026-5773: wrong reuse of SMB connection'
29 Apr 2026
b'curl'
disclosed a bug submitted by
b'm1llie'
b'Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy'
29 Apr 2026
1
...
8
9
10
11
12
...
769
BY DENIS WERNER - @NOBBD -
IMPRESSUM