CWE-134 — Use of Externally-Controlled Format String
354 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-134 (page 7 of 8)
- CVE-2023-48221 | HIGH | CVSS 7.3 | EG 7.3 | 2023-11-20
  wire-avs provides Audio, Visual, and Signaling (AVS) functionality for the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of s…
- CVE-2023-48784 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-04-09
  A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-…
- CVE-2023-53966 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-12-22
  SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment varia…
- CVE-2023-5746 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
  A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions…
- CVE-2023-6399 | MEDIUM | CVSS 5.7 | EG 5.7 | 2024-02-20
  A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, U…
- CVE-2023-6764 | HIGH | CVSS 8.1 | EG 8.1 | 2024-02-20
  A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series …
- CVE-2024-12805 | HIGH | CVSS 7.2 | EG 9.8 | 2025-01-09
  A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
- CVE-2024-23113 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2024-02-15
  A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions…
- CVE-2024-23914 | MEDIUM | CVSS 5.7 | EG 5.7 | 2024-05-03
  Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it mi…
- CVE-2024-31837 | HIGH | CVSS 8.4 | EG 8.4 | 2024-04-30
  DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.
- CVE-2024-35845 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-05-17
  In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.
- CVE-2024-39529 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-11
  A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Do…
- CVE-2024-42330 | CRITICAL | CVSS 9.1 | EG 9.1 | 2024-11-27
  The HttpRequest object allows getting the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded fo…
- CVE-2024-45324 | HIGH | CVSS 7.2 | EG 7.2 | 2025-03-11
  A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0…
- CVE-2024-45330 | HIGH | CVSS 7.2 | EG 7.2 | 2024-10-08
  A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate privileges via specially crafted requests.
- CVE-2024-4641 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-06-25
  OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to caus…
- CVE-2024-50396 | HIGH | CVSS 8.8 | EG 8.8 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have al…
- CVE-2024-50397 | HIGH | CVSS 8.8 | EG 8.8 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data o…
- CVE-2024-50398 | HIGH | CVSS 7.2 | EG 7.2 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-50399 | HIGH | CVSS 7.2 | EG 7.2 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-50400 | HIGH | CVSS 7.2 | EG 7.2 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-50401 | HIGH | CVSS 7.2 | EG 7.2 | 2024-11-22
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-50402 | HIGH | CVSS 7.2 | EG 7.2 | 2024-12-06
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-50403 | HIGH | CVSS 7.2 | EG 7.2 | 2024-12-06
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secr…
- CVE-2024-55156 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-21
  An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.
- CVE-2024-6145 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-19
  Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not requ…
- CVE-2024-9129 | CRITICAL | CVSS 9.3 | EG 0.0 | 2024-10-22
  In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino.
- CVE-2025-22482 | HIGH | CVSS 8.1 | EG 8.1 | 2025-06-06
  A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have…
- CVE-2025-24359 | HIGH | CVSS 8.4 | EG 8.4 | 2025-01-24
  ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of…
- CVE-2025-30269 | HIGH | CVSS 8.1 | EG 8.1 | 2026-02-11
  A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have alrea…
- CVE-2025-36202 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-22
  IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external sou…
- CVE-2025-40600 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-29
  Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.
- CVE-2025-46121 | CRITICAL | CVSS 9.8 | EG 7.2 | 2025-07-21
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the for…
- CVE-2025-46123 | HIGH | CVSS 7.2 | EG 7.2 | 2025-07-21
  An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where the authenticated configuration endpoint `/admin/_conf.jsp` writes the Wi-Fi guest p…
- CVE-2025-48388 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-29
  FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an atta…
- CVE-2025-48730 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-03
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret da…
- CVE-2025-48826 | HIGH | CVSS 8.8 | EG 8.8 | 2025-10-07
  A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger th…
- CVE-2025-52429 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-03
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret da…
- CVE-2025-52666 | LOW | CVSS 2.7 | EG 2.7 | 2025-11-20
  Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions lets an administrator user disable the admin user console by triggering a fatal PHP error.
- CVE-2025-53406 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-03
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret da…
- CVE-2025-53407 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-03
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret da…
- CVE-2025-53591 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-02
  A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret da…
- CVE-2025-55298 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-26
  ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user inpu…
- CVE-2025-64157 | MEDIUM | CVSS 6.7 | EG 6.7 | 2026-02-10
  A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized c…
- CVE-2025-68648 | HIGH | CVSS 7.2 | EG 7.2 | 2026-03-10
  A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.2, FortiAn…
- CVE-2025-68949 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-13
  n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accep…
- CVE-2026-21640 | LOW | CVSS 2.7 | EG 2.7 | 2026-01-20
  HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fata…
- CVE-2026-22190 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-07
  The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single…
- CVE-2026-3008 | MEDIUM | CVSS 6.6 | EG 6.6 | 2026-04-27
  Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
- CVE-2026-44407 | MEDIUM | CVSS 4.7 | EG 4.7 | 2026-05-07
  A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
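The bug shape that recurs through this list (a client hostname, an environment variable, a command-line option or a stored setting handed to snprintf or sprintf as the format argument rather than as data) is shown below beside its fix, as an added C example; it is not code from any of the projects listed above. The names `format_host_unsafe`, `format_host_safe`, `count_conversions` and `escape_percent` are hypothetical. `count_conversions` is a directive counter usable as an input check or as a detection rule over logged values; `escape_percent` covers the template case, where user text has to survive being embedded in a string that a format function will interpret later.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Count printf-style conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted; every other '%'
 * starts a directive (%x, %s, %n, %7$p, ...). A non-zero result means the
 * string would be interpreted, not copied, if it ever became a format
 * argument. Usable as an input gate or as a detection rule on log values. */
int count_conversions(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" -> literal '%' */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Neutralise '%' by doubling it, for the case where untrusted text must be
 * spliced into a template that is later handed to a format function.
 * Returns false if dst cannot hold the result (worst case every byte doubles). */
bool escape_percent(const char *src, char *dst, size_t dstlen)
{
    if (dstlen == 0)
        return false;
    size_t o = 0;
    for (const char *p = src; *p != '\0'; p++) {
        size_t need = (*p == '%') ? 2 : 1;
        if (o + need >= dstlen)   /* leave room for the terminating NUL */
            return false;
        dst[o++] = *p;
        if (*p == '%')
            dst[o++] = '%';
    }
    dst[o] = '\0';
    return true;
}

/* VULNERABLE (hypothetical): the untrusted string *is* the format string.
 * The call goes through a function pointer only so that -Wformat-security
 * does not reject this demo; the real-world form is snprintf(buf, len, host).
 * Never call this with attacker data containing '%' followed by anything but
 * '%': %x/%p read stack contents and %n writes to memory. */
int format_host_unsafe(const char *host, char *buf, size_t len)
{
    int (*fmt)(char *, size_t, const char *, ...) = snprintf;
    int n = fmt(buf, len, host);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* -1 on truncation */
}

/* FIXED: a literal format with the untrusted value as a %s argument.
 * Any '%' in host is copied byte-for-byte and never interpreted. */
int format_host_safe(const char *host, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s", host);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: a benign hostname, one carrying a literal "%%",
     * and one shaped like a format-string payload. */
    const char *inputs[] = { "printer-01", "100%%", "%x%x%x%n" };
    char buf[64];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int d = count_conversions(inputs[i]);
        printf("input %-10s directives=%d\n", inputs[i], d);
        format_host_safe(inputs[i], buf, sizeof buf);
        printf("  safe   -> \"%s\"\n", buf);
        if (d == 0) {   /* only run the unsafe path where behaviour is defined */
            format_host_unsafe(inputs[i], buf, sizeof buf);
            printf("  unsafe -> \"%s\"\n", buf);
        }
    }
    char esc[32];
    if (escape_percent("50% off", esc, sizeof esc))
        printf("escaped -> \"%s\"\n", esc);
    return 0;
}
```

Even the benign-looking "100%%" shows the difference: the safe path stores it verbatim, the unsafe path collapses it to "100%" because the text was parsed as a format. Compiling with `-Wformat -Wformat-security` (or `-Wformat=2`) flags non-literal format arguments such as the real-world form of `format_host_unsafe`; glibc's `_FORTIFY_SOURCE` additionally aborts on `%n` in a format string that lives in writable memory, which removes the write primitive but not the `%x`/`%p` read leaks the entries above describe.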
EchelonGraph correlates every CVE — across CWE-134 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.