Lucene search
K

3203 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:38 a.m.8 views

CVE-2003-1170

Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service segmentation fault and possibly execute arbitrary code via format string specifiers in command line arguments...

7.2CVSS7.7AI score0.00553EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.6 views

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

8CVSS7.5AI score0.01407EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.7 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS7.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.4 views

CVE-2023-4856

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint...

8.8CVSS7.4AI score0.00665EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.10 views

CVE-2022-26941

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

9.6CVSS7.7AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/01/07 9:16 p.m.3 views

CVE-2026-22190

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format specifiers,...

7.5CVSS6.5AI score
Exploits0References4
Snyk
Snyk
added 2026/01/07 8:47 p.m.3 views

Use of Externally-Controlled Format String

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the egg-mkfont component. An attacker can access sensitive stack-resident memory and...

7.5CVSS6.8AI score0.00312EPSS
Exploits1References2
CVE
CVE
added 2026/01/07 8:25 p.m.16 views

CVE-2026-22190

Summary of CVE-2026-22190 (Panda3D) Affected: Panda3D up to and including 1.10.16, specifically the egg-mkfont utility. Vulnerability: Uncontrolled format string in the -gp (glyph pattern) option. The option is passed directly as the format string to sprintf() with only one argument. If an attack...

7.5CVSS5.7AI score0.00312EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.8 views

CVE-2019-12297

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080...

9.8CVSS7.1AI score0.01656EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/01/05 2:0 a.m.8 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated thi...

8.3CVSS7.2AI score0.015EPSS
Exploits0References3
CVE
CVE
added 2026/01/02 2:55 p.m.14 views

CVE-2025-53591

CVE-2025-53591 affects QNAP QTS and QuTS hero due to a use of externally-controlled format string vulnerability. The issue could allow a remote attacker with an administrator account to obtain secret data or modify memory. Fixes are available in QTS 5.2.7.3256 build 20250913 and later, QuTS hero ...

6.5CVSS6.5AI score0.00285EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1082

Name of the Vulnerable Software and Affected Versions QNAP versions prior to QTS 5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.2.7.3256 build 20250913 QNAP versions prior to QuTS hero h5.3.1.3250 build 20250912 Description A use of externally-controlled format string vulnerability...

6.5CVSS6.7AI score0.00285EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.4 views

EUVD-2023-60228

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

9.8CVSS7.2AI score0.00617EPSS
Exploits2References5
NVD
NVD
added 2025/12/22 10:16 p.m.3 views

CVE-2023-53966

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

9.8CVSS0.00617EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.6 views

PT-2025-52703

Name of the Vulnerable Software and Affected Versions SOUND4 LinkAndShare Transmitter version 1.1.2 Description SOUND4 LinkAndShare Transmitter version 1.1.2 contains a format string vulnerability. This allows attackers to trigger memory stack overflows through maliciously crafted environment...

9.8CVSS7.4AI score0.00617EPSS
Exploits2References9
OSV
OSV
added 2025/12/09 1:36 p.m.5 views

CLSA-2025-1765287413 python-jinja2: Fix of CVE-2024-56326

CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template...

7.8CVSS7AI score0.005EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/07 11:26 p.m.126 views

crackme-project

Crackme - Binary Exploitation Challenge Projektbeschreibun...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.5 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

2.7CVSS4.2AI score0.00366EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/13 8:43 p.m.3 views

Cross-site Scripting (XSS)

Overview vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1CVSS5.5AI score0.00334EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 10:38 p.m.7 views

CVE-2025-62254

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

7.5CVSS6.9AI score0.00508EPSS
Exploits0References1
Rows per page
Query Builder