CWE-134

High likelihood

Use of Externally-Controlled Format String

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

379 vulnerabilities with CWE-134
CVE-2025-48388 MEDIUM
FreeScout <1.8.178 - Code Injection
CVSS 6.5
CVE-2025-24359 HIGH
ASTEVAL <1.0.6 - Code Injection
CVSS 8.4
CVE-2024-45324 HIGH
FortiOS <6.4.15 - Memory Corruption
CVSS 7.2
CVE-2024-55156 MEDIUM
Java SDK for CloudEvents <4.0.1 - XSS
CVSS 5.5
CVE-2024-12805 HIGH
SonicOS - Memory Corruption
CVSS 7.2
CVE-2024-50403 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-50402 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-42330 CRITICAL
Zabbix < 5.4.6 - Format String Vulnerability
CVSS 9.1
CVE-2024-50401 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-50400 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-50399 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-50398 HIGH
Qnap Qts - Format String Vulnerability
CVSS 7.2
CVE-2024-50397 HIGH
Qnap Qts - Format String Vulnerability
CVSS 8.8
CVE-2024-50396 HIGH
Qnap Qts - Format String Vulnerability
CVSS 8.8
CVE-2024-9129 CRITICAL
Zend Server <9.2 - Format String Injection
CVE-2024-45330 HIGH
Fortinet FortiAnalyzer <7.4.3/<7.2.5 - Privilege Escalation
CVSS 7.2
CVE-2024-39529 HIGH
Juniper Junos < 21.4 - Format String Vulnerability
CVSS 7.5
CVE-2024-4641 MEDIUM
Moxa Oncell G3470a-lte-us-t Firmware - Format String Vulnerability
CVSS 6.3
CVE-2024-6145 HIGH
Actiontec WCB6200Q - RCE
CVSS 8.8
CVE-2024-35845 CRITICAL
Linux Kernel < 5.10.214 - Format String Vulnerability
CVSS 9.1
CVE-2024-23914 MEDIUM
Merge DICOM Toolkit - Buffer Overflow
CVSS 5.7
CVE-2024-31837 HIGH
DMitry 1.3a - Format String
CVSS 8.4
CVE-2024-23113 CRITICAL KEV
Fortinet Fortiproxy < 7.0.14 - Format String Vulnerability
CVSS 9.8
CVE-2023-53966 CRITICAL
SOUND4 LinkAndShare Transmitter 1.1.2 - Memory Corruption
CVSS 9.8
CVE-2023-40721 MEDIUM
Fortinet - Code Injection
CVSS 6.7