Monthly
Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-severity availability disruption, with a secondary reporter-assessed potential for memory content disclosure. The root cause is CWE-134 (Use of Externally-Controlled Format String), a class known to enable stack and heap memory leakage via injected format specifiers - a risk flagged by securin's 'Information Disclosure' tag that is not fully reflected in the CVSS vector (C:N). No public exploit identified at time of analysis; vendor-released patch is available in version 4.5.0.
Format string vulnerability in PostgreSQL timeofday() function allows authenticated remote attackers to read arbitrary server memory by supplying crafted timezone values. Affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. The vulnerability enables information disclosure of sensitive data stored in process memory without code execution or data modification capabilities.
Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis.
Format string injection in Notepad++ 8.9.3 Find Results panel handler allows local attackers to cause denial of service and disclose stack memory by distributing malicious nativeLang.xml language pack files that trigger unsafe format string interpretation during search operations. User interaction is required to load the poisoned language pack and perform a search. No active exploitation confirmed, but patch is available from vendor.
String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously crafted input. Attackers can leverage this remotely without authentication (CVSS 4.0 score 10.0, AV:N/PR:N), though desktop application context suggests user interaction required despite UI:N in vector. Publicly available exploit code exists per GitHub repository llgsjsm/cve-2026-3008. Fixed in version 8.9.4 release candidate per community forum discussion. EPSS data not available for 2026 CVE.
Format string vulnerability in nano's statusline() function allows local users to trigger a segmentation fault via directory names containing printf specifiers, causing denial of service. Exploitation requires user interaction (opening a directory with the crafted name) on systems where nano is available to local users. No public exploit code identified at time of analysis.
A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.
A format string injection vulnerability exists in the Ruby JSON gem that can lead to denial of service attacks or information disclosure when parsing user-supplied documents with the non-default 'allow_duplicate_key: false' parsing option enabled. The vulnerability affects users of the pkg:rubygems/json package who have explicitly opted into using this specific parsing configuration. There is no evidence of active exploitation (not listed in CISA KEV), and no EPSS score is currently available for risk quantification.
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...
SonicOS firewalls are vulnerable to a post-authentication format string vulnerability that permits authenticated remote attackers to trigger a denial of service condition and crash the affected device. The attack requires valid credentials but can be executed over the network without user interaction. No patch is currently available for this vulnerability.
Format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows authenticated network attackers to cause low-severity availability disruption, with a secondary reporter-assessed potential for memory content disclosure. The root cause is CWE-134 (Use of Externally-Controlled Format String), a class known to enable stack and heap memory leakage via injected format specifiers - a risk flagged by securin's 'Information Disclosure' tag that is not fully reflected in the CVSS vector (C:N). No public exploit identified at time of analysis; vendor-released patch is available in version 4.5.0.
Format string vulnerability in PostgreSQL timeofday() function allows authenticated remote attackers to read arbitrary server memory by supplying crafted timezone values. Affects PostgreSQL versions 14.x before 14.23, 15.x before 15.18, 16.x before 16.14, 17.x before 17.10, and 18.x before 18.4. The vulnerability enables information disclosure of sensitive data stored in process memory without code execution or data modification capabilities.
Local denial-of-service vulnerability in ZTE Cloud PC client uSmartview allows authenticated local attackers to trigger memory corruption and crash the application through a use of externally-controlled format string (CWE-134). CVSS 4.7 with local attack vector and high complexity indicates limited real-world exploitability; no public exploit identified at time of analysis.
Format string injection in Notepad++ 8.9.3 Find Results panel handler allows local attackers to cause denial of service and disclose stack memory by distributing malicious nativeLang.xml language pack files that trigger unsafe format string interpretation during search operations. User interaction is required to load the poisoned language pack and perform a search. No active exploitation confirmed, but patch is available from vendor.
String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously crafted input. Attackers can leverage this remotely without authentication (CVSS 4.0 score 10.0, AV:N/PR:N), though desktop application context suggests user interaction required despite UI:N in vector. Publicly available exploit code exists per GitHub repository llgsjsm/cve-2026-3008. Fixed in version 8.9.4 release candidate per community forum discussion. EPSS data not available for 2026 CVE.
Format string vulnerability in nano's statusline() function allows local users to trigger a segmentation fault via directory names containing printf specifiers, causing denial of service. Exploitation requires user interaction (opening a directory with the crafted name) on systems where nano is available to local users. No public exploit code identified at time of analysis.
A format string vulnerability exists in the Audit Log component of CODESYS Control runtime system that allows unauthenticated remote attackers to inject malicious format specifiers into log messages. This affects numerous CODESYS Control products across multiple platforms including Windows, Linux, embedded systems (BeagleBone, Raspberry Pi, PFC100/200), and industrial controllers (Beckhoff CX, WAGO Touch Panels). Exploitation can lead to denial-of-service conditions by crashing the runtime system, with a CVSS score of 7.5 indicating high availability impact.
A format string injection vulnerability exists in the Ruby JSON gem that can lead to denial of service attacks or information disclosure when parsing user-supplied documents with the non-default 'allow_duplicate_key: false' parsing option enabled. The vulnerability affects users of the pkg:rubygems/json package who have explicitly opted into using this specific parsing configuration. There is no evidence of active exploitation (not listed in CISA KEV), and no EPSS score is currently available for risk quantification.
A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...
SonicOS firewalls are vulnerable to a post-authentication format string vulnerability that permits authenticated remote attackers to trigger a denial of service condition and crash the affected device. The attack requires valid credentials but can be executed over the network without user interaction. No patch is currently available for this vulnerability.