5375 matches found

Vulnrichment
added 2026/03/03 2:28 p.m., 5 views

CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

AI score 6, EPSS 0.0064
Exploits 0, References 3
CVE
added 2026/03/03 2:28 p.m., 23 views

CVE-2026-25673

Django is affected in multiple supported branches: 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. The issue arises in URLField.to_python(), where urllib.parse.urlsplit() performs NFKC normalization on Windows, causing excessive processing time for certain Unicode characters and enabl...

CVSS 7.5, AI score 6, EPSS 0.0064
Exploits 0, References 3, Affected Software 1
UbuntuCve
added 2026/03/03 2:00 p.m., 4 views

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.to_python in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

CVSS 7.5, AI score 5.9, EPSS 0.0064
Exploits 0, References 1
Positive Technologies
added 2026/03/03 12:00 a.m., 4 views

PT-2026-22741

Name of the Vulnerable Software and Affected Versions: Django versions 6.0 through 6.0.2; Django versions 5.2 through 5.2.11; Django versions 4.2 through 4.2.28; Django versions 5.0.x and earlier; Django versions 4.1.x and earlier; Django versions 3.2.x and earlier. Description: The URLField.to_python...

CVSS 7.5, AI score 6, EPSS 0.0064
Exploits 0, References 11
Snyk
added 2026/03/02 9:49 p.m., 5 views

Interpretation Conflict

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Interpretation Conflict via the platform or deviceFamily metadata fields. An attacker can expand node command availability beyond intended defaults by supplying Unicode-confusable values...

CVSS 6.9, AI score 5.9
Exploits 0, References 3
OSV
added 2026/03/02 9:49 p.m., 2 views

GHSA-392F-GGF5-FP3C OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

Summary: A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact: This is a policy-bypass issue within the paired-node trust boundary and...

CVSS 6.9, AI score 5.9
Exploits 0, References 2
Github Security Blog
added 2026/03/02 9:49 p.m., 5 views

OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

Summary: A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists. Impact: This is a policy-bypass issue within the paired-node trust boundary and...

AI score 5.9
Exploits 0, References 2, Affected Software 1
OSV
added 2026/03/02 7:19 p.m., 2 views

GHSA-HW26-MMPG-FQFG lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

Summary: The _has_sneaky_javascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details: The root cause is located in clean.py around...

CVSS 6.1, AI score 5.9, EPSS 0.00228
Exploits 1, References 4
Snyk
added 2026/03/02 7:19 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: lxml-html-clean is an HTML cleaner from the lxml project. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the _has_sneaky_javascript function. An attacker can cause external CSS to be loaded or execute scripts in certain browsers by injecting special...

CVSS 6.1, AI score 6.1, EPSS 0.00228
Exploits 1, References 2
Github Security Blog
added 2026/03/02 7:19 p.m., 5 views

lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

Summary: The _has_sneaky_javascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details: The root cause is located in clean.py around...

CVSS 6.1, AI score 5.9, EPSS 0.00228
Exploits 1, References 4, Affected Software 1
OSV
added 2026/03/02 7:16 p.m., 1 view

CVE-2025-48567

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8, AI score 5.9
Exploits 0, References 1
NVD
added 2026/03/02 7:16 p.m., 5 views

CVE-2025-48567

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8, EPSS 0.0011
Exploits 0, References 1
CVE
added 2026/03/02 6:42 p.m., 18 views

CVE-2025-48567

CVE-2025-48567 involves a bypass of a file path filter intended to restrict access to sensitive directories, caused by incorrect Unicode normalization. This can enable local escalation of privilege; exploitation requires user interaction. The CVE is referenced across multiple sources (NVD, Red Ha...

CVSS 7.8, AI score 6.1, EPSS 0.0011
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/03/02 6:42 p.m., 27 views

CVE-2025-48567

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

EPSS 0.0011
Exploits 0, References 1
EUVD
added 2026/03/02 6:42 p.m., 5 views

EUVD-2025-208198

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8, AI score 6.1, EPSS 0.0011
Exploits 0, References 1
ATTACKERKB
added 2026/03/02 6:42 p.m., 4 views

CVE-2025-48567

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8, AI score 6.1, EPSS 0.0011
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/03/02 6:42 p.m., 1 view

CVE-2025-48567

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

AI score 6.1, EPSS 0.0011
Exploits 0, References 1
CNNVD
added 2026/03/02 12:00 a.m., 3 views

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from incorrect Unicode normalization in multiple locations. These vulnerabilities may bypass the file path filters designed to prevent access...

CVSS 7.8, AI score 5.8, EPSS 0.0011
Exploits 0, References 2
OSV
added 2026/03/01 12:00 a.m., 5 views

ASB-A-377888957

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8, AI score 6.1, EPSS 0.0011
Exploits 0, References 2
Microsoft CVE
added 2026/02/28 9:04 a.m., 7 views

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

...

CVSS 7.1, AI score 6.8, EPSS 0.0017
Exploits 0