151 matches found
CVE-2026-25673
A flaw was found in Django. A remote attacker can exploit a vulnerability in the URLField.topython function, specifically when Django is running on the Windows platform. This function, which utilizes urllib.parse.urlsplit, performs a disproportionately slow normalization process for certain Unico...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
SUSE CVE-2026-25673
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673
Django is affected in multiple supported branches: 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. The issue arises in URLField.to_python(), where urllib.parse.urlsplit() performs NFKC normalization on Windows, causing excessive processing time for certain Unicode characters and enabl...
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-25673
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-48567
CVE-2025-48567 involves a bypass of a file path filter intended to restrict access to sensitive directories, caused by incorrect Unicode normalization. This can enable local escalation of privilege; exploitation requires user interaction. The CVE is referenced across multiple sources (NVD, Red Ha...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from incorrect Unicode normalization in multiple locations. These vulnerabilities may bypass the file path filters designed to prevent access...
ASB-A-377888957
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2026-25480
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...
CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...
CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...