67 matches found
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
Astra Linux - уязвимость в python-django
A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, as well as the AdminURLFieldWidget widget, are susceptible to a potential denial-of-service attack due to certain inputs containing a very large number of Unicode characters...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
lean4monaco (>=1.1.0 <=1.1.7) potentially affected by CVE-2026-32732 via @leanprover/unicode-input-component (=0.1.9)
@leanprover/unicode-input-component NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on @leanprover/unicode-input-component and may be impacted: - lean4monaco =1.1.0, =1.1.7 Source cves: CVE-2026-32732 Source advisory:...
EUVD-2026-12181
XSS in @leanprover/unicode-input-component...
XSS in @leanprover/unicode-input-component
Impact Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. Patches The issue has been resolved in 0.2.0. Workarounds Replace the...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
Lean 4 VS Code Extension 安全漏洞
Lean 4 VS Code Extension is an open-source extension for VS Code. Versions of Lean 4 VS Code Extension 0.1.9 and earlier contain security vulnerabilities. These vulnerabilities stem from the @leanprover/unicode-input-component component reinserting text from input elements as unescaped HTML, whic...
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732
CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...
PT-2026-25402
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2020-37126
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
CVE-2020-37126 Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
CVE-2020-37126 Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
EUVD-2020-31022
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
CVE-2020-37126
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler SEH registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and...
PT-2026-6570
Name of the Vulnerable Software and Affected Versions Free Desktop Clock version 3.0 Description Free Desktop Clock 3.0 contains a stack overflow issue in the Time Zones display name input. This allows attackers to overwrite Structured Exception Handler SEH registers. Exploitation involves crafti...
USN-7972-1: OpenCC vulnerability
It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to crash, resulting in a denial of service...