1276 matches found

Packet Storm News
added 2025/07/30 12:0 a.m., 1 view

SAEL: Leveraging Large Language Models with Adaptive Mixture-Of-Experts for Smart Contract Vulnerability Detection

With the increasing security issues in blockchain, smart contract vulnerability detection has become a research focus. Existing vulnerability detection methods have their limitations: (1) Static analysis methods struggle with complex scenarios. (2) Methods based on specialized pre-trained models...

7.5 AI score
Exploits: 0
GithubExploit
added 2025/07/14 1:44 a.m., 370 views

Exploit for CVE-2025-52488

DNN Unicode Path Normalization NTLM Hash Disclosure Exploit C...

8.6 CVSS, 7.5 AI score, 0.29745 EPSS
Exploits: 1
Packet Storm News
added 2025/07/14 12:0 a.m., 4 views

DNN Unicode Path Normalization NTLM Hash Disclosure

This exploit targets a vulnerability in DNN (formerly DotNetNuke) versions 6.0.0 to before 10.0.1 that allows attackers to disclose NTLM hashes through Unicode path normalization attacks...

8.6 CVSS, 8.9 AI score, 0.29745 EPSS
Exploits: 1
Packet Storm News
added 2025/07/13 12:0 a.m., 2 views

Efficient Private Inference Based on Helper-Assisted Malicious Security Dishonest Majority MPC

Private inference based on Secure Multi-Party Computation (MPC) addresses data privacy risks in Machine Learning as a Service (MLaaS). However, existing MPC-based private inference frameworks focus on semi-honest or honest majority models, whose threat models are overly idealistic, while malicious...

6.8 AI score
Exploits: 0
OSV
added 2025/06/15 12:17 a.m., 2 views

OSV-2025-466 Security exception in java.base/java.lang.AbstractStringBuilder.<init>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424617284 Crash type: Security exception Crash state: java.base/java.lang.AbstractStringBuilder. java.base/java.lang.StringBuilder. com.ctc.wstx.util.StringUtil.normalizeSpaces...

7.1 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/31 12:0 a.m., 5 views

Debian dla-4197 : python3-flask-cors - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4197 advisory. Debian LTS Advisory DLA-4197-1...

7.5 CVSS, 6.1 AI score, 0.00474 EPSS
Exploits: 4, References: 10
RedhatCVE
added 2025/05/23 10:32 a.m., 6 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form (NFKD). Under Windows, such normalization is costly in resources and may lead to denial o...

7.5 CVSS, 6.9 AI score, 0.00938 EPSS
Exploits: 1
RedhatCVE
added 2025/05/23 6:32 a.m., 7 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.3 CVSS, 8 AI score, 0.00138 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:14 a.m., 3 views

CVE-2023-41889

SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...

5.3 CVSS, 6.9 AI score, 0.00154 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 4:19 a.m., 3 views

CVE-2023-42183

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick...

5.3 CVSS, 6.9 AI score, 0.00196 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 8:36 p.m., 0 views

CVE-2021-31155

Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command...

7.8 CVSS, 7.2 AI score, 0.00035 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 7:36 p.m., 5 views

CVE-2021-29548

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5 CVSS, 6.7 AI score, 0.00009 EPSS
Exploits: 1, References: 1
OSV
added 2025/04/25 2:6 p.m., 1 view

OESA-2025-1453 raptor2 security update

Raptor is Redland's RDF parser toolkit, which provides a set of independent RDF parsers to generate triples from RDF / XML or N-Triples. Security Fixes: In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in...

9.3 CVSS, 7 AI score, 0.0004 EPSS
Exploits: 1, References: 2
Fedora
added 2025/04/21 4:47 p.m., 7 views

[SECURITY] Fedora 41 Update: rust-icu_normalizer-1.5.0-2.fc41

API for normalizing text into Unicode Normalization Forms...

7.4 AI score
Exploits: 0
Fedora
added 2025/04/21 1:41 a.m., 7 views

[SECURITY] Fedora 40 Update: rust-icu_normalizer-1.5.0-2.fc40

API for normalizing text into Unicode Normalization Forms...

7.4 AI score
Exploits: 0
Fedora
added 2025/04/20 4:23 a.m., 5 views

[SECURITY] Fedora 42 Update: rust-icu_normalizer-1.5.0-2.fc42

API for normalizing text into Unicode Normalization Forms...

7.4 AI score
Exploits: 0
Veracode
added 2025/04/11 9:10 a.m., 10 views

Denial Of Service (DoS)

Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient Unicode normalization due to slow NFKC normalization on Windows, which allows attackers to send specially crafted inputs with a large number of Unicode characters to exhaust server resources...

7.5 CVSS, 7 AI score, 0.00011 EPSS
Exploits: 1, References: 11, Affected Software: 1
Snyk
added 2025/04/10 6:49 p.m., 3 views

Cross-site Scripting (XSS)

Overview: mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling ...

6.1 CVSS, 5.2 AI score, 0.00307 EPSS
Exploits: 0, References: 3
Snyk
added 2025/04/10 6:49 p.m., 3 views

Cross-site Scripting (XSS)

Overview: wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...

6.1 CVSS, 5.3 AI score, 0.00307 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/04/10 6:30 p.m., 10 views

CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

2.1 CVSS, 6.6 AI score, 0.00307 EPSS
Exploits: 0, References: 1