
22 matches found

CNNVD
added 2026/05/21 12:00 a.m., 5 views

Netatalk Format String Error Vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...

CVSS 3.1 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 1

CNNVD
added 2026/05/07 12:00 a.m., 4 views

ZTE Cloud PC client uSmartView Format String Error Vulnerability

The ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. The ZTE Cloud PC client uSmartView has a vulnerability related to formatted strings. This vulnerability may lead to memory corruption and remote denial of service attacks...

CVSS 7.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1

CNNVD
added 2026/04/27 12:00 a.m., 6 views

Notepad++ Format String Error Vulnerability

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...

CVSS 6.6 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 1

NVD
added 2026/04/09 8:16 p.m., 2 views

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3 | EPSS 0.00055
Exploits: 0 | References: 7

CNNVD
added 2026/03/10 12:00 a.m., 3 views

Multiple Fortinet Products Format String Error Vulnerability

Fortinet FortiManager is a product of the American company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager Cloud is a cloud-based network management software...

CVSS 7.2 | AI score 5.8 | EPSS 0.00086
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2103

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.02734
Exploits: 0 | References: 4

CNNVD
added 2025/10/07 12:00 a.m., 2 views

Planet WGR-500 Security Vulnerability

The Planet WGR-500 is a WiFi router from Planet Corporation of Taiwan, China. A security vulnerability exists in the Planet WGR-500 v1.3411b190912 version, which stems from a formatted string vulnerability in the formPingCmd function, which could lead to memory corruption...

CVSS 8.8 | AI score 6.4 | EPSS 0.00101
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:38 p.m., 7 views

CVE-2021-36161

Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

CVSS 9.8 | AI score 6.9 | EPSS 0.02734
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: of: module: prevent NULL pointer dereference in vsnprintf()

A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf, which only allows passing a NULL ptr when the length is 0. This issue can result in a crash and damage to availability...

CVSS 5.3 | AI score 7.3 | EPSS 0.00071
Exploits: 0 | References: 5

CNNVD
added 2024/05/14 12:00 a.m., 1 view

Multiple Fortinet Products Format String Error Vulnerability

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy is a Fortinet FortiPAM is a platform for privilege access control. Fortinet FortiProxy, FortiPAM, and FortiOS have a...

CVSS 7.2 | AI score 7.2 | EPSS 0.00211
Exploits: 0 | References: 4

OSV
added 2024/03/06 10:57 a.m., 12 views

BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS 6.5 | AI score 5.8 | EPSS 0.33351
Exploits: 1 | References: 3

Github Security Blog
added 2023/12/07 6:30 a.m., 21 views

Cross-site Scripting (XSS) in MLflow

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS 6.5 | AI score 6 | EPSS 0.33351
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/12/07 5:15 a.m., 10 views

CVE-2023-6568

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

CVSS 6.1 | AI score 5.3
Exploits: 0 | References: 2

CNNVD
added 2023/07/05 12:00 a.m., 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that originates from a formatted string vulnerability in the distributed file system. An attacker coul...

CVSS 7.5 | AI score 7.4 | EPSS 0.00043
Exploits: 0 | References: 4

CNVD
added 2023/03/01 12:00 a.m., 20 views

Fortinet FortiWeb Formatting String Error Vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A formatted string error vulnerability exist...

CVSS 7.8 | AI score 7.9 | EPSS 0.0005
Exploits: 0 | References: 1

CNNVD
added 2022/12/21 12:00 a.m., 4 views

sslh Format String Error Vulnerability

sslh is an application protocol multiplexer by the individual developer Yves Rutschle. sslh suffers from a Formatted String Error vulnerability that stems from the manipulation of the parameter msginfo of the hexdump function of its Packet Dumping Handler component resulting in a formatted string...

CVSS 9.8 | AI score 8.1 | EPSS 0.00575
Exploits: 0 | References: 4

CNNVD
added 2021/08/10 12:00 a.m., 1 view

Multiple Trendnet Products Format String Error Vulnerability

The Trendnet TRENDnet TEW-755AP and others are routers from Trendnet. The TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 are vulnerable to a formatted string error vulnerability, which arises from a failure to strictly filter the type, number,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00308
Exploits: 0 | References: 1

CNVD
added 2017/08/11 12:00 a.m., 2 views

Adiscon rsyslog zmq3 input and output module string vulnerability

Adiscon rsyslog is a multithreaded enhancement of syslogd from Adiscon Germany, which is mainly used to collect system logs. zmq3 input and output modules is one of the input and output modules. A security vulnerability exists in the zmq3 input and output module in versions of Adiscon rsyslog pri...

CVSS 9.8 | AI score 9.1 | EPSS 0.0043
Exploits: 0 | References: 1

CNVD
added 2017/06/21 12:00 a.m., 1 view

Red Hat Ceph Locally Formatted String Vulnerability

Red Hat Ceph is a distributed object storage and file system from Red Hat. A locally formatted string vulnerability exists in Red Hat Ceph. A local attacker could exploit this vulnerability to cause a denial of service application crash, potentially executing arbitrary code in the context of the...

CVSS 4.4 | AI score 7 | EPSS 0.00042
Exploits: 1 | References: 1

CNVD
added 2015/11/22 12:00 a.m., 2 views

GNU a2ps Formatted String Denial of Service Vulnerability

GNU a2ps is a package developed by the GNU Project that supports the conversion of any type of file into a PostScript file. The GNU a2ps formatted-printing function fails to adequately filter user input that is used as a formatting descriptor, allowing an attacker to exploit the vulnerability to...

CVSS 7.8 | AI score 6.8 | EPSS 0.01778
Exploits: 0 | References: 1