Siemens APE1808 Use of Externally-Controlled Format String (CVE-2024-45324)

A use of externally-controlled format string vulnerability in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through...

Siemens APE1808 Use of Externally-Controlled Format String (CVE-2025-64157)

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. Th...

binary-exploitation

binary-exploitation A collection of binary exploitation...

EUVD-2025-208498

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7,...

CVE-2025-68648

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2025-13465, CVE-2025-61140) and denial of service (CVE-2025-15284)

Summary Node.js modules lodash, qs and jsonpath are used by IBM App Connect Enterprise Certified Container. All IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2025-13465, CVE-2025-61140 and denial of service CVE-2025-15284. This bulletin...

SSTI-Exploit-Lab

Server-Side Template Injection SSTI to RCE Lab 🎯 Executi...

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall...

CVE-2026-0400

The CVE-2026-0400 entry concerns SonicOS and is a post-authentication Format String vulnerability that can cause a firewall to crash. Affected software is SonicOS (no version details provided). Root cause: improper handling of format strings in the affected component, leading to denial of service...

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall...

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWALL SonicOS, which stems from a format string vulnerability, potentially causing the firewall to crash...

CVE-2025-30269

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

CVE-2025-30269

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync...

CVE-2025-30269

Qsync Central is affected by a use of externally-controlled format string vulnerability. The issue allows a remote attacker who gains a user account to potentially obtain secret data or modify memory. Root cause: externally-controlled format strings in the affected component. A fixed version is a...

QNAP Qsync Central 格式化字符串错误漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a vulnerability related to formatted strings. This vulnerability stemmed from the use of externally controlled formatted...

PT-2026-7532

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A use of externally-controlled format string issue exists in Qsync Central. A remote attacker who obtains a user account may be able to obtain secret data or modify memory. The issue involves...

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

CVE-2025-64157

CVE-2025-64157 affects Fortinet FortiOS versions 7.0–7.6.4 (and 7.4.x, 7.2.x, 7.6.x ranges as listed) where an authenticated administrator can trigger unauthorized code execution via specifically crafted configuration due to an externally-controlled format string. Multiple connected sources (Fort...