CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

CVE-2019-7230

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

The vulnerability of the server of the Zabbix universal monitoring system allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Zabbix universal monitoring system relates to the use of uncontrolled format strings in processing HttpRequest objects. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS on SRX Series devices allows a hacker to cause a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Juniper Networks’ Junos OS on SRX Series devices is related to the use of uncontrolled format strings. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

The vulnerability of the HTTP-server of the microprogrammed Wi-Fi range extension software from Actiontec, the WCB6200Q, allows a hacker to execute arbitrary code.

The vulnerability of the HTTP-server of the microprogrammed Wi-Fi range extension software Actiontec WCB6200Q is related to the use of uncontrolled format strings in processing HTTP request headers. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the microprogrammed software in the industrial cellular LTE modem OnCell G3470A-LTE arises from the use of uncontrolled format strings when processing binary files. This allows a hacker to trigger a service failure.

The vulnerability of the microprogrammed software in the industrial cellular LTE modem OnCell G3470A-LTE is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

PT-2024-4557 · Moxa · Oncell G3470A-Lte Series

Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to the use of uncontrolled format strings, which can be exploited by a remote attacker to cause a denial of service. An attacker could modify an...

CVE-2024-29510

A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...

PT-2024-3560 · Fortinet · Fortiproxy +3

Name of the Vulnerable Software and Affected Versions: FortiProxy versions 1.1.0 through 1.2.13 FortiProxy versions 2.0.0 through 2.0.13 FortiProxy versions 7.0.0 through 7.2.5 FortiPAM versions 1.0.0 through 1.1.0 FortiOS versions 6.2.0 through 7.4.0 FortiSwitchManager versions 7.0.0 through 7.2...

The vulnerability of the Device Insight function in microprogrammed software for ZyXEL network devices, such as USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP, allows a intruder to cause service interruptions.

The vulnerability of the Device Insight function in the microprogramming software for ZyXEL network devices, such as USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP, is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a malicious actor to cause...

FreeBSD : p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability (cb22a9a6-c907-11ee-8d1c-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cb22a9a6-c907-11ee-8d1c-40b034429ecf advisory. - Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files...

The vulnerability of the fgfmd daemon in the FortiOS operating system allows a hacker to execute arbitrary code.

The vulnerability of the fgfmd daemon in the FortiOS operating system is related to the use of uncontrolled format strings when processing binary files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests remotely...

Amazon Linux AMI : perl-Spreadsheet-ParseExcel (ALAS-2024-1905)

The version of perl-Spreadsheet-ParseExcel installed on the remote host is prior to 0.5900-5.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1905 advisory. Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel i...

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...

p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability

Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the...