CVE-2025-6051 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
PT-2025-37422
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions up to 4.52.4. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the normalize_numbers method of the EnglishNormalizer class. This issue arises from the method's handling of...
Regular expression Denial of Service - ReDoS
Description: A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's CLVP number normalizer. The vulnerability exists in the normalize_numbers method of the EnglishNormalizer class, which converts numeric strings to their English wor...
python3.12-charset-normalizer bug fix and enhancement update
An update is available for python3.12-charset-normalizer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...
python3.12-charset-normalizer bug fix and enhancement update
An update is available for python3.12-charset-normalizer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...
[SECURITY] Fedora 41 Update: rust-icu_normalizer-1.5.0-2.fc41
API for normalizing text into Unicode Normalization Forms...
[SECURITY] Fedora 42 Update: rust-icu_normalizer-1.5.0-2.fc42
API for normalizing text into Unicode Normalization Forms...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
OSV-2025-253 Security exception in org.apache.lucene.analysis.ckb.SoraniNormalizer.normalize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=407477665 Crash type: Security exception Crash state: org.apache.lucene.analysis.ckb.SoraniNormalizer.normalize org.apache.lucene.analysis.ckb.SoraniNormalizationFilter.incrementToken...
CVE-2024-56084
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution...
Logpoint Universal Normalizer security vulnerability
Logpoint Universal Normalizer is a universal normalizer from the Danish company Logpoint. A security vulnerability exists in Logpoint Universal Normalizer versions prior to 5.7.0. An attacker could exploit the vulnerability to remotely execute code...
CVE-2024-56084
CVE-2024-56084 affects Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads during creation of Universal Normalizer; these payloads are executed, leading to Remote Code Execution (RCE). The issue is documented with CVSS 3.1 vector and a base score of 7.1 (HIGH). No e...
Malicious code in attribute-normalizer-extras (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6719 Malicious code in attribute-normalizer-extras (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in arabic-normalizer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6669 Malicious code in arabic-normalizer (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Tenable Nessus Agent Metadata Normalizer
Binary data agentnormalizemetadata.nbin...
MAL-2023-8294 Malicious code in f0-normalizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59555a81498457e7dd566cb779db13702f1f1672fc7755c89cbb11a6c2d898b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in f0-normalizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59555a81498457e7dd566cb779db13702f1f1672fc7755c89cbb11a6c2d898b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
uint128 changeAmount might overflow
Lines of code Vulnerability details Impact This issue is an edge case, that uint128 changeAmount could overflow, making the protocol fail for certain amount of swap. Proof of Concept Let's break down the changeAmount: 1. amountOut/amountIn 2. BASE27 3. normalizer File:...