Lucene search
K

160 matches found

Snyk
Snyk
added 5 days ago5 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...

6.9CVSS6.1AI score0.00269EPSS
Exploits1References2
NVD
NVD
added 5 days ago9 views

CVE-2026-59890

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
CVE
CVE
added 5 days ago9 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.00269EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-342 Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

9.3CVSS5.8AI score0.00767EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/23 5:22 p.m.41 views

CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...

7.3CVSS0.00144EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:22 p.m.14 views

CVE-2026-49401

CVE-2026-49401 describes a permission bypass in Deno on macOS APFS prior to v2.7.14. The denial checks for --deny-read/--deny-write/--deny-run/--deny-ffi were performed at the raw-byte level, but APFS considers different Unicode spellings of the same name as the same file. This allowed a process ...

8.4CVSS6AI score0.00144EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/16 7:11 p.m.6 views

GHSA-8XPQ-CJCF-3WH9 Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

5.2CVSS5.8AI score0.00144EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.9 views

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

8.4CVSS5.8AI score0.00144EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/05 1:4 p.m.8 views

BIT-PYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.4AI score0.00492EPSS
Exploits0References10
OSV
OSV
added 2026/06/05 12:56 p.m.9 views

BIT-LIBPYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.4AI score0.00492EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/03 9:23 p.m.13 views

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

6.3CVSS5.7AI score0.00492EPSS
Exploits0References6
NVD
NVD
added 2026/06/03 4:16 p.m.21 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS0.00492EPSS
Exploits0References9
OSV
OSV
added 2026/06/03 4:16 p.m.11 views

UBUNTU-CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.2AI score0.00492EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/03 2:29 p.m.8 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/03 2:29 p.m.11 views

EUVD-2026-34103

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 2:29 p.m.14 views

PSF-2026-25

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/03 2:29 p.m.9 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...

6.9CVSS5.5AI score0.00492EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/03 2:29 p.m.9 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.18 views

PT-2026-45951

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The unicodedata.normalize function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters wi...

9.1CVSS5.4AI score0.02602EPSS
Exploits1References57
Rows per page
Query Builder