CWE-176
22 CVEs classified under CWE-176. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-71316 | Critical | 9.8 | 2026-06-04 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the… |
CVE-2024-24691 | Critical | 9.6 | 2024-02-14 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user t… |
CVE-2023-39213 | Critical | 9.6 | 2023-08-08 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an… |
CVE-2026-23950 | High | 8.8 | 2026-01-20 | node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path col… |
CVE-2026-7040 | High | 7.5 | 2026-04-27 | Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandl… |
CVE-2026-4116 | High | 7.2 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP… |
CVE-2026-20202 | Medium | 6.6 | 2026-04-15 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2… |
CVE-2026-4114 | Medium | 6.6 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. |
CVE-2026-25480 | Medium | 6.5 | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization… |
CVE-2026-44288 | Medium | 5.3 | 2026-05-13 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted ov… |
CVE-2025-59547 | Medium | 5.3 | 2025-09-23 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload… |
CVE-2023-52081 | Medium | 5.3 | 2023-12-28 | ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to… |
CVE-2023-41889 | Medium | 5.3 | 2023-09-15 | SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical v… |
CVE-2020-8929 | Medium | 5.3 | 2020-10-19 | A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext… |
CVE-2023-31169 | Medium | 4.8 | 2023-08-31 | An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attack… |
CVE-2026-35375 | Low | 3.3 | 2026-04-22 | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The impl… |
CVE-2026-35373 | Low | 3.3 | 2026-04-22 | A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory f… |
CVE-2026-35346 | Low | 3.3 | 2026-04-22 | The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8… |
CVE-2022-29812 | Low | 2.3 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient |
CVE-2006-10002 | | 2026-03-19 | XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :ut… |