683 matches found
EUVD-2026-25022
ln: rejects non-UTF-8 source filenames in target-directory mode...
EUVD-2026-24978
comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...
CVE-2026-14650
A flaw was found in Grass. A local attacker could exploit a vulnerability in the UTF-8 Character Handler, specifically within the grasscompiler::rawtoparseerror function, by executing a manipulation. This could lead to a denial of service, making the system or application unavailable to legitimat...
CVE-2026-14650 connorskees grass UTF-8 Character raw_to_parse_error denial of service
A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...
CVE-2026-14650
Technical details about CVE-2026-14650 are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-41694
A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...
PT-2026-55729
Name of the Vulnerable Software and Affected Versions connorskees grass versions prior to 0.13.5 Description A flaw in the UTF-8 Character Handler component allows local execution of a manipulation that can lead to a denial of service. The issue resides in the grass compiler::raw to parse error...
CVE-2026-57455
A memory corruption flaw in Vim allows an attacker to cause a Denial of Service DoS. When a SOFO-based spell language is active, providing an excessively long word to the spell checker triggers a stack out-of-bounds write in the spellsoundfoldsofo function, causing the editor to crash. Mitigation...
EUVD-2026-40314
A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...
EUVD-2026-38891
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: terminate the cached volume label after UTF-8 conversion ntfsfillsuper loads the on-disk volume label with utf16stoutf8s and stores the result in sbi-volume.label. The converted label is later exposed through...
CVE-2026-53023
CVE-2026-53023 affects Linux kernel ntfs3: ntfs_fill_super() converts the on-disk volume label from UTF-16 to UTF-8 and stores it in sbi->volume.label, but utf16s_to_utf8s() does not append a NUL terminator. If the converted label fills the fixed buffer, ntfs3_label_show() could read past the ...
PT-2026-51917
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NTFS3 file system where the ntfs fill super function loads the on-disk volume label using utf16s to utf8s and stores it in sbi-volume.label. Because utf16s to utf8...
UBUNTU-CVE-2026-54911
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
FreeBSD : nginx -- multiple vulnerabilities (46b654f8-6b28-11f1-b8e5-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 46b654f8-6b28-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow vulnerability when using the...
SUSE SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2026:2402-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2402-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing...
FreeBSD : nginx -- multiple vulnerabilities (08b0c0f6-6a85-11f1-b8e5-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 08b0c0f6-6a85-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a...
GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Summary ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...
Astra Linux – Vulnerability in musl
Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...
Astra Linux – Vulnerability in libsoup2.4
GNOME libsoup before version 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in the soupheaderparseparamliststrict function. There is a plausible way to exploit this vulnerability remotely through the soupmessageheadersgetcontenttype function for example, an...