CVE-2025-27556

MEDIUM Year: 2025
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-770
View all →

Vulnerability Description

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Related Vulnerabilities

CVE-2024-56374

MEDIUM
CVSS:5.8(Medium)

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a po...

CWE-7702024

CVE-2024-23826

MEDIUM
CVSS:5.7(Medium)

spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a...

CWE-7702024

CVE-2017-12132

MEDIUM
CVSS:5.9(Medium)

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path ...

CWE-7702017

CVE-2018-10237

MEDIUM
CVSS:5.9(Medium)

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize att...

CWE-7702018

CVE-2019-12940

MEDIUM
CVSS:5.9(Medium)

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.

CWE-7702019

CVE-2022-38153

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 ...

CWE-7702022