Universal forwarder

This hub aggregates every CVE we track for Universal forwarder, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Universal forwarder.

• CVE-2025-20298Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade8.0Jun 2, 2025
• CVE-2023-32712Unauthenticated Log Injection in Splunk Enterprise8.6Jun 1, 2023
• CVE-2023-27533A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during ser...8.8Mar 30, 2023
• CVE-2023-27538An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have ...5.5Mar 30, 2023
• CVE-2023-27536An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to c...5.9Mar 30, 2023
• CVE-2023-27534A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its in...8.8Mar 30, 2023
• CVE-2023-27535An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created c...5.9Mar 30, 2023
• CVE-2023-27537A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate thread...5.9Mar 30, 2023
• CVE-2023-23916An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed mu...6.5Feb 23, 2023
• CVE-2023-23915A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using...6.5Feb 23, 2023
• CVE-2023-23914A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, c...9.1Feb 23, 2023
• CVE-2022-43552A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel oper...5.9Feb 9, 2023
• CVE-2022-43551A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure cle...7.5Dec 23, 2022
• CVE-2022-32221When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same h...9.8Dec 5, 2022
• CVE-2022-35260curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-ba...6.5Dec 5, 2022