Lucene search
K

5471 matches found

CVE
CVE
added yesterday21 views

CVE-2026-48760

Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...

5.3CVSS6.1AI score0.00025EPSS
Exploits0References5
OSV
OSV
added yesterday4 views

BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-52761

A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...

5.8CVSS6AI score0.00438EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References4
OSV
OSV
added 6 days ago1 views

ALPINE-CVE-2025-58146

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS6.1AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2025-58146

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2025-210446

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 6 days ago36 views

CVE-2025-58146

CVE-2025-58146 affects Xen/XAPI: three issues in UTF-8 handling and input sanitisation of XAPI database. (1) Unsanitised input used for notifications can terminate the database event thread and stop processing. (2) UTF-8 encoder aligns with Unicode v3.0 while libraries use v3.1, allowing strings ...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2025-58146 XAPI UTF-8 string handling

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the Unicode spec, but...

9.4CVSS0.00137EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-59890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added last week5 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...

6.9CVSS6.1AI score0.0029EPSS
Exploits1References2
NVD
NVD
added last week9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.0029EPSS
Exploits1References3
CVE
CVE
added last week17 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.0029EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.0029EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References5
OSV
OSV
added last week2 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56503

Name of the Vulnerable Software and Affected Versions setuptools versions prior to 83.0.0 Description setuptools is a package used to download, build, install, upgrade, and uninstall Python packages. The FileList component fails to perform Unicode normalization when matching compiled glob pattern...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56502

Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.2 Description The mailto: schema validator used by the .test and .match functions can be triggered at every occurrence of mailto: and scan the remaining input via src email name in lib/re.mjs. This behavior lea...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References9
NVD
NVD
added 2026/07/07 9:17 p.m.7 views

CVE-2026-53751

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...

8.7CVSS0.00375EPSS
Exploits0References3
Rows per page
Query Builder