CVE-2025-12758

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

CVE-2025-12758

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string length...

Validator.js 安全漏洞

Validator.js is a string validator open source by validatorjs A security vulnerability exists in Validator.js versions prior to 13.15.22, which stems from the isLength function not taking into account the Unicode variant selector, which could lead to improper string length calculation...

PT-2025-48236

Name of the Vulnerable Software and Affected Versions validator versions prior to 13.15.22 Description The package validator, in versions prior to 13.15.22, contains an issue related to incomplete filtering of special elements within the isLength function. Specifically, the function does not...

Malicious code in @ensdomains/unicode-confusables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f25465205590fbceb2bb8ae1db02fd1e80f8d085af135427cd757a3b08a1da6 The package @ensdomains/unicode-confusables was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198797

Malicious code in @ensdomains/unicode-confusables npm...

MAL-2025-190740 Malicious code in @ensdomains/unicode-confusables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f25465205590fbceb2bb8ae1db02fd1e80f8d085af135427cd757a3b08a1da6 The package @ensdomains/unicode-confusables was found to contain malicious code. Source: ghsa-malware...

Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2025-2435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (DoS)

Django is vulnerable to a Denial Of Service DoS. The vulnerability is due to slow NFKC Unicode normalization on Windows in redirect-related functions, which allows an attacker to supply inputs with a very large number of Unicode characters to exhaust server resources and cause a denial of service...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50089)

unicode: problematic ignorable code points. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504642; scriptversion"1.2";...

OESA-2025-2678 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

OESA-2025-2676 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-9636)

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

Siemens SIMATIC S7-1500 Improper Encoding or Escaping of Output (CVE-2022-25235)

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2019-12290)

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-10531)

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp. This plugin only works with Tenable.ot. Please visit...

Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2025-2360)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2025-2388)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-DJANGO-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code VS Code ecosystem. The extensions in question, which are still available for download, are listed...