151 matches found

Vulnrichment
added 2025/04/10 6:30 p.m. | 10 views

CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

2.1 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits 0 | References 1
Cvelist
added 2025/04/10 6:30 p.m. | 23 views

CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...

2.1 CVSS | 0.00315 EPSS
Exploits 0 | References 1
CVE
added 2025/04/10 6:30 p.m. | 102 views

CVE-2025-32699

CVE-2025-32699 affects Wikimedia Foundation MediaWiki and Parsoid. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; Parsoid before 0.16.5, 0.19.2, 0.20.2. Root cause: Unicode normalization enabling a potential JavaScript injection via Action API (i.e., abuse of the API to inject JS). Impacts: ...

2.1 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits 0 | References 2
PyPA
added 2025/04/02 1:15 p.m. | 11 views

PYSEC-2025-14

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack v...

7.5 CVSS | 7 AI score | 0.00859 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/03/01 12:00 a.m. | 24 views

ASB-A-341680936

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.3 CVSS | 7.1 AI score | 0.00708 EPSS
Exploits 0 | References 2
NVD
added 2024/11/13 6:15 p.m. | 22 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.3 CVSS | 0.00708 EPSS
Exploits 0 | References 3
OSV
added 2024/11/13 6:15 p.m. | 2 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.3 CVSS | 5.9 AI score | 0.00708 EPSS
Exploits 0 | References 3
CVE
added 2024/11/13 5:25 p.m. | 288 views

CVE-2024-43093

CVE-2024-43093 affects the Android Framework component ExternalStorageProvider.java, where a bypass of a file-path filter can occur due to incorrect Unicode normalization. The root issue can allow local escalation of privilege without extra execution privileges, with exploitation requiring user i...

7.3 CVSS | 7.4 AI score | 0.00708 EPSS
In wild | Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2024/11/13 5:25 p.m. | 40 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

0.00708 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/11/13 5:25 p.m. | 19 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

6.9 AI score | 0.00708 EPSS
Exploits 0 | References 2
CNNVD
added 2024/11/13 12:00 a.m. | 5 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from incorrect Unicode normalization. An attacker can exploit the vulnerability to elevate privileges...

7.3 CVSS | 8 AI score | 0.00708 EPSS
Exploits 0 | References 6
NVD
added 2024/09/10 4:15 p.m. | 19 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

7.5 CVSS | 0.0078 EPSS
Exploits 1 | References 3
AlpineLinux
added 2024/09/10 3:19 p.m. | 2 views

CVE-2024-45412

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

7.5 CVSS | 6.4 AI score | 0.0078 EPSS
Exploits 1 | References 3
OSV
added 2024/09/10 3:19 p.m. | 23 views

CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Million Unicode characters attack

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

5.3 CVSS | 6.6 AI score | 0.0078 EPSS
Exploits 1 | References 5
CNNVD
added 2024/09/10 12:00 a.m. | 4 views

Yeti Platform Security Vulnerability

Yeti Platform is a daily threat intelligence platform open-sourced by Yeti Platform. A security vulnerability exists in Yeti Platform versions prior to 2.1.11, which stems from a denial-of-service attack in which remote user-controlled data tags can be Unicode normalized via the compatibility for...

7.5 CVSS | 6.6 AI score | 0.0078 EPSS
Exploits 1 | References 4
Positive Technologies
added 2024/09/10 12:00 a.m. | 4 views

PT-2024-31615 · Yeti · Yeti

Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11
Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in...

7.5 CVSS | 7.4 AI score | 0.0078 EPSS
Exploits 1 | References 7
GitHub Security Blog
added 2024/05/09 3:13 p.m. | 53 views

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

6.8 CVSS | 7.1 AI score | 0.00767 EPSS
Exploits 0 | References 10 | Affected Software 1
Positive Technologies
added 2024/05/09 12:00 a.m. | 4 views

PT-2024-24930 · Frigate · Frigate

Name of the Vulnerable Software and Affected Versions: Frigate versions prior to 0.13.2
Description: The issue arises from the lack of limitation on the length of filenames and the costly use of Unicode normalization with the form NFKD under the hood of the secure filename function. This can lead...

9.3 CVSS | 7.2 AI score | 0.00767 EPSS
Exploits 0 | References 12
NVD
added 2024/05/06 3:15 p.m. | 9 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1 CVSS | 6.1 AI score | 0.00551 EPSS
Exploits 0 | References 3
OSV
added 2024/05/06 3:15 p.m. | 1 views

UBUNTU-CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

6.1 CVSS | 5.7 AI score | 0.00551 EPSS
Exploits 0 | References 4