The two #curl CVEs we publish today are both rated medium and affect QUIC connections when curl is built to use wolfSSL
Hiroki Kurosawa reported both and he is rewarded 2540 USD for each from the curl bug-bounty.
With these two, the total bug-bounty payout from #curl now exceeds 90,000 USD over the last few years.
https://curl.se/docs/bugbounty.html
(thanks to IBB for sponsoring our bug-bounty program!)