CWE-134

Exploit likelihood: High

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

387 vulnerabilities with CWE-134
CVE-2025-52429 MEDIUM
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 6.5
CVE-2025-48730 MEDIUM
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 6.5
CVE-2025-36202 HIGH
IBM webMethods Integration 10.15 and 11.1 - Authenticated Command Execution via Format String Vulnerability
CVSS 7.5
CVE-2025-55298 HIGH
ImageMagick <6.9.13-28 & <7.1.2 - RCE
CVSS 7.5
CVE-2025-40600 CRITICAL
SonicOS 7.1.1-7040 to <7.3.0-7012 - Unauthenticated Denial of Service via Format String
CVSS 9.8
CVE-2025-46123 HIGH
Ruckus Unleashed <200.15.6.212.14 & ZoneDirector <10.5.1.0.279 - Authenticated RCE via Format String
CVSS 7.2
CVE-2025-46121 CRITICAL
Ruckus Unleashed < 200.15.6.212.14 and 200.17.7.0.139 - Unauthenticated Format String Injection via DHCP Hostname
CVSS 9.8
CVE-2025-22482 HIGH
Qsync Central 4.5.0.3-4.5.0.5 - Authenticated Use of Externally-Controlled Format String
CVSS 8.1
CVE-2025-48388 MEDIUM
FreeScout <1.8.178 - Code Injection
CVSS 6.5
CVE-2025-24359 HIGH
asteval < 1.0.6 - Remote Code Execution via FormattedValue AST Node Handling
CVSS 8.4
CVE-2024-45324 HIGH
FortiOS <6.4.15 - Memory Corruption
CVSS 7.2
CVE-2024-55156 MEDIUM
Java SDK for CloudEvents <4.0.1 - XSS
CVSS 5.5
CVE-2024-12805 HIGH
SonicOS < 6.5.4.15-117n, < 7.0.1-5161, < 7.1.2-7019, < 8.0.0-8035 - Authenticated Format String Vulnerability
CVSS 7.2
CVE-2024-50403 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-50402 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-42330 CRITICAL
Zabbix 5.0.0-5.4.6 - Use of Externally-Controlled Format String in HttpRequest
CVSS 9.1
CVE-2024-50401 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-50400 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-50399 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-50398 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 7.2
CVE-2024-50397 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 8.8
CVE-2024-50396 HIGH
QNAP QTS and QuTS hero - Use of Externally-Controlled Format String
CVSS 8.8
CVE-2024-9129 CRITICAL
Zend Server <9.2 - Format String Injection
CVE-2024-45330 HIGH
Fortinet FortiAnalyzer <7.4.3/<7.2.5 - Privilege Escalation
CVSS 7.2
CVE-2024-39529 HIGH
Juniper Junos OS DoS via DNS DGA Detection
CVSS 7.5