Hello. I have seen an issue where you can exploit any Unicode character except for spaces into your username. I have created a test account to showcase this.
Furthermore, if you share the same forum, the profile becomes unclickable. link to profile
The unicode usernames site setting is off by default and we recommend configuring the allowed unicode username characters site setting in order to prevent issues like these, so this isn’t a huge issue (see Unicode usernames and group names).
Still, I’ve created a fix which will always prevent the usage of invisible characters in usernames even for those who haven’t configured the allowlist.