151 matches found
BIT-PYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
BIT-LIBPYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
CVE-2026-3276
A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
UBUNTU-CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
PSF-2026-25
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
EUVD-2026-34103
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
PT-2026-45951
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The unicodedata.normalize function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters wi...
Exploit for Improper Authentication in Microsoft
CVE-2026-26128 !Examplehttps://github.com/jarnovandenbrink/...
Atlassian Jira Service Management 5.15.2 < 10.3.18 / 10.4.0 < 11.3.3 (JSDSERVER-16530)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16530 advisory. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3...
CVE-2026-35583
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...
Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Summary The configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants, double-encoding, or Unicode normalization to achieve path traversal and...
CVE-2026-35583
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...
CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...
CVE-2026-35583
Emissary (configuration API) vulnerability: A path traversal could be achieved in /api/configuration/{name} due to a blacklist-based validation that blocked , /, .., and trailing ... The check can be bypassed via URL-encoded variants, double-encoding, or Unicode normalization, allowing access to ...
Emissary 路径遍历漏洞
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary prior to 8.39.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of a blacklist method to validate configuration names in the configuration...
BIT-DJANGO-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...