CWE-176
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-176
- CVE-2017-20190, NONE, CVSS 0.0, EG 0.0, 2024-03-27
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether th…
- CVE-2020-8929, MEDIUM, CVSS 5.3, EG 5.3, 2020-10-19
A mishandling of invalid Unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the sam…
- CVE-2022-29812, LOW, CVSS 2.3, EG 2.3, 2022-04-28
In JetBrains IntelliJ IDEA before 2022.1, notification mechanisms about using Unicode directionality formatting characters were insufficient.
- CVE-2023-31169, MEDIUM, CVSS 4.8, EG 4.8, 2023-08-31
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator…
- CVE-2023-39213, CRITICAL, CVSS 9.6, EG 9.6, 2023-08-08
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
- CVE-2023-41889, MEDIUM, CVSS 5.3, EG 5.3, 2023-09-15
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The U…
- CVE-2023-52081, MEDIUM, CVSS 5.3, EG 5.3, 2023-12-28
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function `lookupPreprocess()` is meant to apply some transformations to a string by disabling characters in the regex `[-_ .]`. However, due to the use…
- CVE-2024-24691, CRITICAL, CVSS 9.6, EG 9.6, 2024-02-14
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CVE-2024-43093, HIGH, CVSS 7.3, EG 7.8, KEV, 2024-11-13
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of pri…
- CVE-2024-47611, MEDIUM, CVSS 6.3, EG 0.0, 2024-10-02
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerabili…
- CVE-2024-8067, MEDIUM, CVSS 5.8, EG 9.4, 2024-09-25
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
- CVE-2026-44288, MEDIUM, CVSS 5.3, EG 5.3, 2026-05-13
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters inste…