5376 matches found
PT-2026-4919
Name of the Vulnerable Software and Affected Versions: GLib (affected versions not specified). Description: A flaw exists in GLib related to its Unicode case conversion implementation. An integer overflow can lead to memory corruption when processing specially crafted, large Unicode strings. This...
PT-2026-21775
Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 2.11.1; FrankenPHP versions prior to 1.11.2. Description: Caddy and FrankenPHP are vulnerable to a path confusion issue due to incorrect handling of Unicode characters during case conversion in the FastCGI path splitting...
CVE-2025-11964
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer...
PT-2025-54266
Name of the Vulnerable Software and Affected Versions: libpcap (affected versions not specified). Description: On Windows operating systems, a buffer overflow can occur when libpcap converts a Windows error message to UTF-8 if the message contains characters requiring 4 bytes in UTF-8 representation...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993111)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993111 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffe...
EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2025-2614)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the...
EulerOS Virtualization 2.13.1 : python3 (EulerOS-SA-2025-2628)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the...
GO-2025-4255 Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992369)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992369 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffe...
CMSimple Cross-Site Scripting Vulnerability
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...
CVE-2021-47733
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
CVE-2021-47733 CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...
CVE-2021-47733
CMSimple 5.4 is affected by a cross-site scripting vulnerability that bypasses input filtering by HTML Unicode encoding. The vulnerability arises because the application does not effectively neutralize HTML Unicode encoding when processing user input, enabling an attacker to inject arbitrary Java...
PT-2025-52833
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.4. Description: The software contains a cross-site scripting issue that allows attackers to bypass input filtering. This is achieved by using HTML to Unicode encoding, enabling the injection of malicious scripts. Attackers can...
CMSimple Cross-Site Scripting Vulnerability
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...
[SECURITY] Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42
This module provides access to the Unicode Character Database (UCD) which defines character properties for all Unicode characters. The data contained in this database is compiled from the UCD version 13.0.0. The versions of this package match Unicode versions, so unicodedata2==13.0.0 is data...
[SECURITY] Fedora 43 Update: uriparser-1.0.0-1.fc43
Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...
CVE-2025-14744
Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0...