151 matches found
`unic-normal` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: icu_normalizer, unicode-normalization...
RUSTSEC-2025-0082 `unic-normal` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: icu_normalizer, unicode-normalization...
`unic-ucd-hangul` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: icu_normalizer, unicode-normalization...
RUSTSEC-2025-0079 `unic-ucd-hangul` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives: icu_normalizer, unicode-normalization...
EUVD-2024-41464
Malicious code in bioql PyPI...
EUVD-2023-3316
Malicious code in bioql PyPI...
EUVD-2024-1840
Malicious code in bioql PyPI...
EUVD-2024-40034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-34078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC...
Linux Distros Unpatched Vulnerability : CVE-2021-37712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability...
Exploit for CVE-2025-52488
DNN Unicode Path Normalization NTLM Hash Disclosure Exploit C...
CVE-2024-45412
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
CVE-2024-43093
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2023-41889
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface...
CVE-2023-42183
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick...
[SECURITY] Fedora 41 Update: rust-icu_normalizer-1.5.0-2.fc41
API for normalizing text into Unicode Normalization Forms...
[SECURITY] Fedora 40 Update: rust-icu_normalizer-1.5.0-2.fc40
API for normalizing text into Unicode Normalization Forms...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient Unicode normalization, caused by slow NFKC normalization on Windows, which allows attackers to send specially crafted inputs with a large number of Unicode characters to exhaust server resources...
Cross-site Scripting (XSS)
Overview: mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling ...
Cross-site Scripting (XSS)
Overview: wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...