CVE-2025-12414 Looker account compromise via punycode homograph attack

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...

Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from improper normalization of email address strings, which could lead to account takeover...

PT-2025-47566

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...

TencentOS Server 3: raptor2 (TSSA-2025:0041)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0041 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Directory Traversal

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Directory Traversal via a mismatch in path normalization between routing and middleware validation. An attacker can access protected...

GHSA-GGXQ-HP9W-J794 Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...

CVE-2025-64765

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values

Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...

PT-2025-47489

Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.8 Description Astro versions prior to 5.15.8 contain a path normalization discrepancy between how the framework routes requests and how middleware validates them. Astro uses decodeURI to determine the route, while...

Denial Of Service (DoS)

Django is vulnerable to a Denial Of Service DoS. The vulnerability is due to slow NFKC Unicode normalization on Windows in redirect-related functions, which allows an attacker to supply inputs with a very large number of Unicode characters to exhaust server resources and cause a denial of service...

OESA-2025-2680 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

OESA-2025-2679 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

OESA-2025-2677 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-9636)

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

EUVD-2025-50825

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation...

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation

Impact All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications. Authenticated users can inject underscore variants of X-Forwarded- headers that bypass the proxy’s...

CVE-2025-64484

A header-smuggling vulnerability was found in OAuth2-Proxy’s handling of HTTP headers containing underscores such as XForwardedFor. The proxy failed to properly normalize these header names, which could allow crafted requests to bypass header validation or filtering. When OAuth2-Proxy is deployed...

BIT-OAUTH2-PROXY-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...