EUVD-2026-34299

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

CVE-2026-49940

Net::CIDR::Set for Perl is affected up to version 0.20. The issue arises because non-ASCII IP addresses and netmasks are accepted, with Unicode digits (e.g., Arabic-Indic One U+0661) not parsed as numbers, potentially allowing larger networks than intended. Several connected sources cite upgradin...

EUVD-2026-34297

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

CVE-2026-49940 Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

SQLite sqldiff remote code execution via argument injection

RISK EVALUATION An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. 2. RECOMMENDED PRACTICES Fixed on 2025-12-26. 3. DESCRIPTION SQLite 'sqldiff.exe'...

SUSE CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

UBUNTU-CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing sp...

PT-2026-46268

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description Net::CIDR::Set for Perl fails to properly validate network masks. The mask portion may contain non-digits or Unicode digits, such as the Arabic-Indic One U+0661, which are ignored, potentially...

PT-2026-46313

Name of the Vulnerable Software and Affected Versions SQLite sqldiff.exe versions prior to 2025-12-26 Description The sqldiff.exe utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the...

CVE-2026-3276

A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

PSF-2026-25

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

EUVD-2026-34103

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

PT-2026-46266

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software accepts non-ASCII IP addresses and netmasks. Unicode digits, such as the Arabic-Indic One U+0661, are accepted but not properly parsed as numbers, which could allow network masks t...

Linux Distros Unpatched Vulnerability : CVE-2026-3276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating...