TP-Link Tapo C110 格式化字符串错误漏洞

The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...

Netatalk 格式化字符串错误漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...

ZTE Cloud PC client uSmartView 格式化字符串错误漏洞

The ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. The ZTE Cloud PC client uSmartView has a vulnerability related to formatted strings. This vulnerability may lead to memory corruption and remote denial of service attacks...

Notepad++ 格式化字符串错误漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

Fortinet多款产品 格式化字符串错误漏洞

Fortinet FortiManager is a product of the American company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager Cloud is a cloud-based network management software...

EUVD-2021-2103

Malware in sbrugna...

Planet WGR-500 安全漏洞

The Planet WGR-500 is a WiFi router from Planet Corporation of Taiwan, China. A security vulnerability exists in the Planet WGR-500 v1.3411b190912 version, which stems from a formatted string vulnerability in the formPingCmd function, which could lead to memory corruption...

CVE-2021-36161

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

The vulnerability of the Jinja HTML templating engine’s compiler allows attackers to bypass the sandbox’s security mechanisms, execute arbitrary code or cause a service failure.

The vulnerability of the Jinja HTML templating engine compiler is related to its failure to properly handle special control elements during f-string processing. Exploiting this vulnerability allows an attacker to bypass the sandbox’s security mechanisms, execute arbitrary code, or cause service...

kernel: of: module: prevent NULL pointer dereference in vsnprintf()

A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf, which only allows passing a NULL ptr when the length is 0. This issue can result in a crash and damage to availability...

多款Fortinet产品 格式化字符串错误漏洞

Fortinet FortiOS and others are products of Fortinet, Inc.Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a Fortinet FortiPAM is a platform for privilege access control . Fortinet FortiProxy, FortiPAM, and FortiOS have a...

BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

Cross-site Scripting (XSS) in MLflow

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVE-2023-6568

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that originates from a formatted string vulnerability in the distributed file system. An attacker coul...

Fortinet FortiWeb Formatting String Error Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A formatted string error vulnerability exist...

sslh 格式化字符串错误漏洞

sslh is an application protocol multiplexer by the individual developer Yves Rutschle. sslh suffers from a Formatted String Error vulnerability that stems from the manipulation of the parameter msginfo of the hexdump function of its Packet Dumping Handler component resulting in a formatted string...

Trendnet多种产品格式化字符串错误漏洞

The Trendnet TRENDnet TEW-755AP and others are a router from Trendnet. The TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 are vulnerable to a formatted string error vulnerability, which arises from a failure to strictly filter the type, number,...

Adiscon rsyslog zmq3 input and output module string vulnerability

Adiscon rsyslog is a multithreaded enhancement of syslogd from Adiscon Germany, which is mainly used to collect system logs. zmq3 input and output modules is one of the input and output modules. A security vulnerability exists in the zmq3 input and output module in versions of Adiscon rsyslog pri...