CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

PT-2026-3529

Name of the Vulnerable Software and Affected Versions node-tar versions up to and including 7.5.3 Description node-tar, a Tar for Node.js, contains a race condition due to incomplete handling of Unicode path collisions within the path-reservations system. This issue occurs on case-insensitive or...

CVE-2024-45412 Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...

PT-2024-31615 · Yeti · Yeti

Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11 Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in...

CVE-2024-32874

In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...

Python 2.7.x < 2.7.17, 3.5.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 Information Disclosure Vulnerability (bpo-36742) - Windows

Python is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Moderate: Red Hat Security Advisory: rh-python36-python security, bug fix, and enhancement update

An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

python27:2.7 bug fix update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...

python3 bug fix update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bug Fixes: urlsplit doesn't accept a NFKD hostname with a port number BZ17147...