Haxx Vulnerabilities
Comprehensive security vulnerability database for Haxx products
3
1
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-27533 | 8.8 | An attacker can exploit a vulnerability in curl to send malicious commands during TELNET communication, potentially allowing them to execute arbitrary code on the system. This can happen if an application using curl accepts user input without properly checking it, making it particularly risky for applications that rely on user-provided data. | haxxcurl | Exploit Available | almost 3 years agoMar 30, 2023 |
| CVE-2022-43551 | 7.5 | An attacker can trick curl into using an insecure HTTP connection instead of the intended secure HTTPS by manipulating the URL with special characters that confuse the software's security checks. This vulnerability occurs when the URL contains IDN characters that are converted to ASCII, allowing the attacker to bypass the HSTS protection that should enforce secure connections. | haxxcurl | Exploit Available | about 3 years agoDec 23, 2022 |
| CVE-2022-42916 | 7.5 | This vulnerability allows an attacker to trick curl into using an insecure HTTP connection instead of the intended secure HTTPS connection by manipulating the URL with special characters. This can happen when the URL includes international domain names that get converted to ASCII, making it possible for the attacker to bypass security checks designed to enforce HTTPS. | haxxcurl | Exploit Available | over 3 years agoOct 29, 2022 |
About Haxx Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Haxx products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.