CVEs classified under CWE-176, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2025-71316 — CVSS 9.8 (critical): SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An…
CVE-2024-24691 — CVSS 9.6 (critical): Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an…
CVE-2026-23950 — CVSS 8.8 (high): node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling…
CVE-2026-4116 — CVSS 7.2 (high): Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass…
CVE-2026-20202 — CVSS 6.6 (medium): In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6…
CVE-2026-4114 — CVSS 6.6 (medium): Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP…
CVE-2026-48618 — CVSS 6.5 (medium): A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication…
CVE-2026-25480 — CVSS 6.5 (medium): Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using…
CVE-2024-8067: In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
CVE-2025-55129 — CVSS 5.4 (medium): HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to…
CVE-2026-44288 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8…
CVE-2025-59547 — CVSS 5.3 (medium): DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the…
CVE-2020-8929 — CVSS 5.3 (medium): A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID…
CVE-2026-35375 — CVSS 3.3 (low): A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or…
CVE-2026-35373 — CVSS 3.3 (low): A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when…
CVE-2026-35346 — CVSS 3.3 (low): The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation…
CVE-2022-29812 — CVSS 2.3 (low): In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
CVE-2017-20190: Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of…