Monthly
A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.
A format string injection vulnerability exists in the Ruby JSON gem that can lead to denial of service attacks or information disclosure when parsing user-supplied documents with the non-default 'allow_duplicate_key: false' parsing option enabled. The vulnerability affects users of the pkg:rubygems/json package who have explicitly opted into using this specific parsing configuration. There is no evidence of active exploitation (not listed in CISA KEV), and no EPSS score is currently available for risk quantification.
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...
SonicOS firewalls are vulnerable to a post-authentication format string vulnerability that permits authenticated remote attackers to trigger a denial of service condition and crash the affected device. The attack requires valid credentials but can be executed over the network without user interaction. No patch is currently available for this vulnerability.
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. [CVSS 8.1 HIGH]
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM]
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error. [CVSS 2.7 LOW]
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]
Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.
Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).
A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.
A format string injection vulnerability exists in the Ruby JSON gem that can lead to denial of service attacks or information disclosure when parsing user-supplied documents with the non-default 'allow_duplicate_key: false' parsing option enabled. The vulnerability affects users of the pkg:rubygems/json package who have explicitly opted into using this specific parsing configuration. There is no evidence of active exploitation (not listed in CISA KEV), and no EPSS score is currently available for risk quantification.
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...
SonicOS firewalls are vulnerable to a post-authentication format string vulnerability that permits authenticated remote attackers to trigger a denial of service condition and crash the affected device. The attack requires valid credentials but can be executed over the network without user interaction. No patch is currently available for this vulnerability.
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. [CVSS 8.1 HIGH]
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration. [CVSS 6.7 MEDIUM]
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error. [CVSS 2.7 LOW]
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. [CVSS 5.3 MEDIUM]
Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.
Quts Hero versions up to h5.2.0.2737 is affected by use of externally-controlled format string (CVSS 6.5).