16 matches found

EUVD
added 2026/03/12 6:30 p.m. · 1 view

EUVD-2025-208613

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 2 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 4
Tenable Nessus
added 2026/01/16 12:00 a.m. · 1 view

MiracleLinux 4 : python-2.6.6-68.0.1.AXS4 (AXSA:2019-3919:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3919:02 advisory. python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636). Tenable has extracted the preceding description block directly from...

CVSS 9.8 · AI score 7.2 · EPSS 0.08764
Exploits 0 · References 2
Tenable Nessus
added 2026/01/16 12:00 a.m. · 3 views

MiracleLinux 7 : httpd-2.4.6-90.0.1.el7.AXS7 (AXSA:2019-4324:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4324:03 advisory. httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217); httpd: URL normalization inconsistency (CVE-2019-0220). Tenable has...

CVSS 7.5 · AI score 7.3 · EPSS 0.43022
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-0333

Malware in sbrugna...

CVSS 7.6 · AI score 7.5 · EPSS 0.00848
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-1573

Malware in sbrugna...

CVSS 8.6 · AI score 7.8 · EPSS 0.00316
Exploits 0 · References 12
Veracode
added 2025/08/12 11:37 a.m. · 2 views

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication bypass. The vulnerability is due to improper normalization in the underlying TOTP library, which allows an attacker to bypass rate limiting by inserting whitespace and reuse existing MFA codes...

CVSS 5.7 · AI score 7 · EPSS 0.00044
Exploits 0 · References 3 · Affected Software 2
RedhatCVE
added 2025/05/23 6:32 a.m. · 7 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.3 · AI score 8 · EPSS 0.00138
Exploits 0 · References 1
Positive Technologies
added 2025/03/31 12:00 a.m. · 2 views

PT-2025-13822 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.71.6; Zitadel versions prior to 2.70.8; Zitadel versions prior to 2.69.9; Zitadel versions prior to 2.68.9; Zitadel versions prior to 2.67.13; Zitadel versions prior to 2.66.16; Zitadel versions prior to 2.65.7; Zitadel...

CVSS 5.3 · AI score 6.4 · EPSS 0.01045
Exploits 0 · References 18
CVE
added 2025/03/24 1:46 p.m. · 49 views

CVE-2025-30540

CVE-2025-30540 affects AvaiBook vacation rental booking engine (AvaiBook <= 1.2). It is described as a Stored XSS (Improper Neutralization of Input During Web Page Generation) in AvaiBook. The connected Wordfence report lists AvaiBook

CVSS 5.9 · AI score 7.2 · EPSS 0.01017
Exploits 0 · References 1
OSV
added 2023/10/20 7:15 p.m. · 2 views

UBUNTU-CVE-2023-45805

pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...

CVSS 7.8 · AI score 6.3 · EPSS 0.0011
Exploits 1 · References 7
OSV
added 2023/01/23 10:05 p.m. · 0 views

GHSA-JQH6-9574-5X22 MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

Impact: MITM can enable Zip-Slip. Vulnerability 1: Scanner.java. There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory...

CVSS 9.1 · AI score 7.1 · EPSS 0.00688
Exploits 1 · References 5
RedHat Linux
added 2020/07/23 7:03 a.m. · 2 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

CVSS 8.1 · AI score 5.7 · EPSS 0.00463
Exploits 0 · References 4
RedHat Linux
added 2019/05/07 4:22 a.m. · 1 view

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 · AI score 6.7 · EPSS 0.08764
Exploits 0 · References 5
OSV
added 2019/04/04 2:59 p.m. · 20 views

SUSE-SU-2019:0878-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies...

CVSS 7.8 · AI score 7.4 · EPSS 0.89568
Exploits 8 · References 11
Tenable Nessus
added 2017/08/09 12:00 a.m. · 50 views

Oracle Linux 7 : tomcat (ELSA-2017-2247)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2247 advisory. - Resolves: rhbz1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism - Resolves: rhbz1441481 CVE-2017-5647 tomcat: Incorre...

CVSS 9.1 · AI score 6.7 · EPSS 0.92712
Exploits 19 · References 6
Oracle linux
added 2016/11/09 12:00 a.m. · 51 views

tomcat security, bug fix, and enhancement update

0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...

CVSS 8.8 · AI score 0.6 · EPSS 0.4988
Exploits 0