diff --git a/docs/CVE-2024-9681.md b/docs/CVE-2024-9681.md index c47d71aecc..551646423a 100644 --- a/docs/CVE-2024-9681.md +++ b/docs/CVE-2024-9681.md @@ -42,7 +42,7 @@ was otherwise intended to *possibly* be protected. But: `example.com` as per above is deliberately setup for HSTS, and servers should -probably expect that clients will try upgrading to HTTPS for a while outside +probably expect that clients might try upgrading to HTTPS for a while outside of the time range set in its headers. The access that fails in this scenario tries to use plain HTTP to the domain. @@ -56,8 +56,8 @@ ends up in now and then completely without involving curl issues and therefore needs to have logic for. An application can for example work around the situation by simply toggling off HSTS. -This bug is **not** considered a *C mistake* (ie not likely to have been -avoided had we not been using C). +This bug is **not** considered a *C mistake* (not likely to have been avoided +had we not been using C). This flaw also affects the curl command line tool.
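Review bot: In the first hunk (at line 42), the changed line now stacks two hedges, "probably expect that clients might try", which softens the guidance to server operators more than a one-word change suggests. Keep either "probably" or "might", not both. The unchanged context line just above also uses "setup" as a verb ("is deliberately setup for HSTS"); "set up" would be correct and could be fixed while this paragraph is being touched.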
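Review bot: In the second hunk (at line 56), dropping "ie" leaves the parenthetical "(not likely to have been avoided had we not been using C)" as a bare fragment with no connective to the claim it explains. "(that is, not likely to have been avoided ...)" or a punctuated "i.e." would read more clearly. The unchanged context sentence "An application can for example work around the situation by simply toggling off HSTS" also does not say how an application does that; naming the relevant option there would make the workaround actionable for readers of the advisory.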