Liferay Portal - Open Redirect

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

CVE-2026-35346

The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...

PT-2026-34482

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from utf8 lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm,...

EUVD-2023-35749

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2024-25608

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows...

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

SUSE CVE-2010-1210

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting XSS attacks via crafte...

Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting XSS attacks via crafte...